CVE-2025-22466
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
| Software | From | Fixed in |
|---|---|---|
| ivanti / endpoint_manager | 2022-su1 | 2022-su1.x |
| ivanti / endpoint_manager | - | 2022 |
| ivanti / endpoint_manager | 2022 | 2022.x |
| ivanti / endpoint_manager | 2022-su2 | 2022-su2.x |
| ivanti / endpoint_manager | 2022-su3 | 2022-su3.x |
| ivanti / endpoint_manager | 2022-su4 | 2022-su4.x |
| ivanti / endpoint_manager | 2022-su5 | 2022-su5.x |
| ivanti / endpoint_manager | 2022-su6 | 2022-su6.x |
| ivanti / endpoint_manager | 2024 | 2024.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime