Security Flaw in Ivanti Endpoint Manager Allows File Writes


Ivanti has released an urgent security update for Ivanti Endpoint Manager, addressing a newly discovered high-severity flaw that allows authenticated attackers to write files anywhere on the system. The advisory was published on November 10, 2025, and patches are now available.

The primary concern is CVE-2025-10918, a vulnerability caused by insecure default permissions in the Endpoint Manager agent.

Due to weak permission settings, a low-privileged local user could write arbitrary files to any directory on the device.

This level of access can enable attackers to replace legitimate files with malicious ones, escalate privileges, or take full control of the affected system. The flaw is rated 7.1 (High) and falls under CWE-276 — Improper Default Permissions.

Ivanti confirmed that the issue affects Endpoint Manager 2024 SU3 SR1 and earlier, and has released Endpoint Manager 2024 SU4 to address the problem. The update is available via the Ivanti License System (ILS) download portal.

Additional Vulnerabilities Fixed in the Same Update

Along with CVE-2025-10918, Ivanti also patched two previously disclosed issues:

  • CVE-2025-9713 – disclosed in October 2025, now fixed with this update
  • CVE-2025-11622 – previously disclosed in October 2025, now resolved

Ivanti states there is currently no evidence of active exploitation, but urges organizations to apply the update immediately due to the risk of abuse. The company also highlighted that customers using the 2022 product branch are no longer supported, as that version reached end-of-life in October 2025. No patches will be provided for unsupported versions, meaning upgrading to 2024 SU4 is mandatory.
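The version facts in this article (fixed in 2024 SU4, affected in 2024 SU3 SR1 and earlier, 2022 branch end-of-life) can be turned into a fleet triage. The sketch below is an added example, not code from Ivanti or from the original article. It assumes the inventory exports release labels in the "2024 SU3 SR1" style used in the article; the host names, sample labels and function names are constructed for illustration.

```python
import re
from collections import defaultdict

FIXED = (2024, 4, 0)   # Endpoint Manager 2024 SU4, the fixed release per the article
EOL_BRANCH = 2022      # branch the article says reached end-of-life in October 2025

# Assumed label shape: "[Endpoint Manager ]<year>[ SU<n>][ SR<n>]"
_LABEL = re.compile(
    r"^\s*(?:Endpoint Manager\s+)?(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_release(label):
    """Return (year, su, sr) or None when the label does not match the assumed shape."""
    m = _LABEL.match(label or "")
    if not m:
        return None
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))

def classify(label):
    rel = parse_release(label)
    if rel is None:
        return "unknown"            # fail closed: needs manual review
    if rel[0] == EOL_BRANCH:
        return "unsupported-eol"    # no patch will be issued; upgrade to 2024 SU4
    return "patched" if rel >= FIXED else "vulnerable"

def triage(inventory):
    """Group (host, label) pairs by remediation status."""
    buckets = defaultdict(list)
    for host, label in inventory:
        buckets[classify(label)].append(host)
    return dict(buckets)

# Constructed sample inventory (not real hosts or real build data)
SAMPLE = [
    ("ws-001", "2024 SU3 SR1"),
    ("ws-002", "2024 SU4"),
    ("ws-003", "2022 SU8"),
    ("ws-004", "Endpoint Manager 2024"),
    ("ws-005", "11.0.6"),
    ("ws-006", "2024 su3"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:16} {', '.join(hosts)}")
```

Labels that do not parse land in "unknown" rather than "patched", so an unexpected build string is reviewed by hand instead of being silently treated as safe.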

Ivanti credited security researcher Enrique Fernández Lorenzo (bighound) for responsibly reporting CVE-2025-10918.

Keeping Endpoint Manager up to date is crucial — arbitrary file write vulnerabilities can quickly turn into privilege escalation, malware deployment, and full system compromise.


November 11th, 2025 (2025-11-12T05:51:01+05:30)

About the Author:

FirstHackersNews- Identifies Security
