CVE 8.8 HIGH

CVE-2025-13659_CVE-2025-13659

December 9, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

AI Analysis

Remote code execution vulnerability due to improper control of dynamically managed code resources

Basic Information

ID CVE-2025-13659

Source ivanti

Published Dec 9, 2025 at 15:59

Modified Dec 9, 2025 at 17:05

Affected Product

Vendor Ivanti

Product Endpoint Manager

Version 2024 SU4 SR1

CWE Classification

CWE-913

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Ivanti

Product Endpoint Manager

Version 2024 SU4 SR1

References

forums.ivanti.com /s/article/Security-Advisory-EPM-December-2025-for-EPM-2024

{
    "lastseen": "",
    "description": "Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.",
    "published": "2025-12-09T15:59:18.340Z",
    "modified": "2025-12-09T17:05:38.887Z",
    "type": "cve",
    "title": "CVE-2025-13659",
    "source": "ivanti",
    "references": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024",
    "id": "CVE-2025-13659",
    "bulletinFamily": "",
    "cwe": [
        "CWE-913"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Endpoint Manager",
    "version": "2024 SU4 SR1",
    "vendor": "Ivanti",
    "ai_description": "Remote code execution vulnerability due to improper control of dynamically managed code resources",
    "ai_severity": "High",
    "ai_vendor": "Ivanti",
    "ai_product": "Endpoint Manager",
    "ai_version": "2024 SU4 SR1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply