Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2025-22461

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

  • Published: Apr 8, 2025
  • Updated: May 17, 2025
  • CVE: CVE-2025-22461
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
ivanti / endpoint_manager 2022-su1 2022-su1.x
ivanti / endpoint_manager - 2022
ivanti / endpoint_manager 2022 2022.x
ivanti / endpoint_manager 2022-su2 2022-su2.x
ivanti / endpoint_manager 2022-su3 2022-su3.x
ivanti / endpoint_manager 2022-su4 2022-su4.x
ivanti / endpoint_manager 2022-su5 2022-su5.x
ivanti / endpoint_manager 2022-su6 2022-su6.x
ivanti / endpoint_manager 2024 2024.x