CVE-2025-6995
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
| Software | From | Fixed in |
|---|---|---|
| ivanti / endpoint_manager | 2022-su1 | 2022-su1.x |
| ivanti / endpoint_manager | - | 2022 |
| ivanti / endpoint_manager | 2022 | 2022.x |
| ivanti / endpoint_manager | 2022-su2 | 2022-su2.x |
| ivanti / endpoint_manager | 2022-su3 | 2022-su3.x |
| ivanti / endpoint_manager | 2022-su4 | 2022-su4.x |
| ivanti / endpoint_manager | 2024 | 2024.x |
| ivanti / endpoint_manager | 2024-su1 | 2024-su1.x |
| ivanti / endpoint_manager | 2024-su2 | 2024-su2.x |
| ivanti / endpoint_manager | 2022-su5 | 2022-su5.x |
| ivanti / endpoint_manager | 2022-su6 | 2022-su6.x |
| ivanti / endpoint_manager | 2022-su7 | 2022-su7.x |
| ivanti / endpoint_manager | 2022-su8 | 2022-su8.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime