Close Menu
Cybercrime and Ransomware

Hundreds of Ivanti EPM Systems Exposed Online Before Critical Patch

Staff WriterBy No Comments4 Mins Read3 Views

Essential Insights

  1. Ivanti has released a critical security update (version 2024 SU4 SR1) to patch four vulnerabilities in Endpoint Manager, including a high-severity flaw (CVE-2025-10573) with a CVSS score of 9.6 that allows attackers to hijack admin sessions without authentication.
  2. The most severe vulnerability involves unauthenticated submission of malicious data that injects JavaScript into the admin dashboard, providing attackers with full control over devices and endpoints.
  3. Given EPM’s history of targeted attacks and active exploitation, urgent patching within 24 hours is essential, especially for internet-facing systems, to prevent remote code execution, malware deployment, or persistent backdoors.
  4. Organizations are advised to implement strict network segmentation, avoid exposing management interfaces publicly, and train staff to recognize social engineering, due to EPM’s high privileges and critical role in enterprise security.

What’s the Problem?

Ivanti recently released a security update, addressing a critical vulnerability in Endpoint Manager (EPM) that could allow attackers to hijack admin sessions and gain control over thousands of enterprise devices. The most alarming flaw, tracked as CVE-2025-10573, was discovered by security researcher Ryan Emmons, who reported that unauthenticated attackers could submit malicious scan data to the web API. This malicious data could then be embedded into the dashboard, allowing attackers to execute malicious JavaScript, ultimately taking over administrator sessions and manipulating connected devices. The vulnerability’s severity stems from its potential to enable widespread, unauthorized control over enterprise endpoints, which is especially dangerous given EPM’s previous history of exploitation. Ivanti emphasizes that organizations must urgently patch to version 2024 SU4 SR1, particularly those exposed to untrusted networks, to prevent malicious actors from exploiting these flaws, which have already been actively targeted in the wild in the past.

Critical Concerns

The recent revelation that hundreds of Ivanti EPM systems were exposed online due to a critical flaw highlights a dangerous vulnerability that any business with similar systems could face. If left unpatched, cybercriminals might exploit this gap to access sensitive data, disrupt operations, or even take control of your entire network. As a result, your business’s reputation could suffer, trust erodes, and financial losses mount from data breaches or system downtime. Moreover, without swift action, these security lapses can lead to costly legal consequences and long-term damage to your brand. Therefore, it’s vital to stay vigilant, regularly update systems, and address vulnerabilities promptly to prevent similar threats from impacting your business.

Fix & Mitigation

Addressing vulnerabilities swiftly is vital to prevent exploitation, minimize damage, and maintain organizational trust when critical systems like Ivanti EPM are exposed online due to unpatched flaws.

Assessment & Identification

  • Conduct a comprehensive vulnerability scan to confirm exposure.
  • Gather details on affected systems, remediation status, and potential impact.

Immediate Containment

  • Isolate exposed Ivanti EPM systems from the network if possible.
  • Disable any unnecessary remote access to these systems to limit attack vectors.

Patch Deployment

  • Apply the latest security patches released by Ivanti without delay.
  • Verify patch integrity and successful installation across all systems.

Configuration & Hardening

  • Review and strengthen system configurations to reduce attack surface.
  • Disable unnecessary services and features that are not essential.

Monitoring & Detection

  • Implement continuous monitoring for suspicious activity on affected systems.
  • Set up alerts for unusual login attempts or data access patterns.

Communication & Reporting

  • Notify relevant internal teams and external stakeholders about the vulnerability and response measures.
  • Document the incident, response steps taken, and lessons learned.

Preventative Measures

  • Establish regular patch management routines and automated update processes.
  • Conduct security awareness training for personnel to identify potential threats.
  • Develop and rehearse incident response plans to reduce response time for future threats.

Continue Your Cyber Journey

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.