CVE-2025-22464

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

Published: Apr 8, 2025
Updated: May 17, 2025
CVE: CVE-2025-22464
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWEs:

CWE-822

Affected Software
References

Software	From	Fixed in
ivanti / endpoint_manager	2022-su1	2022-su1.x
ivanti / endpoint_manager	-	2022
ivanti / endpoint_manager	2022	2022.x
ivanti / endpoint_manager	2022-su2	2022-su2.x
ivanti / endpoint_manager	2022-su3	2022-su3.x
ivanti / endpoint_manager	2022-su4	2022-su4.x
ivanti / endpoint_manager	2022-su5	2022-su5.x
ivanti / endpoint_manager	2022-su6	2022-su6.x
ivanti / endpoint_manager	2024	2024.x

https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6

Vulnerability Database

CVE-2025-22464