Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerabilities in Ivanti Endpoint Manager
Alerts

Active Exploitation of Critical Vulnerabilities in Ivanti Endpoint Manager

12 March 2025

Ivanti has released updates addressing critical vulnerabilities in Ivanti Endpoint Manager products. Users and administrators of the affected products are advised to update to the latest versions immediately.

Ivanti has released updates addressing critical vulnerabilities (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) in Ivanti Endpoint Manager appliances. The vulnerabilities are reportedly being actively exploited and have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the absolute path traversal vulnerabilities could allow an unauthenticated attacker to leak sensitive data remotely.

The vulnerabilities affect the following Ivanti Endpoint Manager versions:

  • 2024 November security update and prior 

  • 2022 SU6 November security update and prior

Users and administrators of the affected products are advised to update to the latest versions immediately. 

More information is available here:

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US

https://www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/

https://nvd.nist.gov/vuln/detail/CVE-2024-13159

https://nvd.nist.gov/vuln/detail/CVE-2024-13160

https://nvd.nist.gov/vuln/detail/CVE-2024-13161

Back to top