CVE-2025-13659
HIGHDescription
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Is your site exposed to CVE-2025-13659?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-13659? +
How severe is CVE-2025-13659? +
What products are affected by CVE-2025-13659? +
How do I check if I'm vulnerable to CVE-2025-13659? +
Related Vulnerabilities
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as …
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a …
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This …
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check …
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), …
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain …