CVE-2025-22464

CVE Database · CVE-2025-22464

CVE-2025-22464

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

0.23%

Published

Apr 8, 2025

Modified

May 16, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Weaknesses (CWE)

CWE-822

Affected Products (9)

ivanti · endpoint_manager (up to 2022)vulnerable

ivanti · endpoint_managervulnerable

References (1)

https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs