
CVE-2025-10573

9.6 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

AI Analysis

Stored XSS vulnerability in Ivanti Endpoint Manager allowing arbitrary JavaScript execution in the context of an administrator session

Basic Information

ID CVE-2025-10573
Source ivanti
Published Dec 9, 2025 at 15:55

Affected Product

Vendor Ivanti
Product Endpoint Manager
Version prior to 2024 SU4 SR1

CWE Classification

AI Assessment

AI Score 9.6 / 10
AI Severity Critical
Vendor Ivanti
Product Endpoint Manager
Version prior to 2024 SU4 SR1
