CVE-2025-22459
MEDIUMDescription
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
| ivanti | endpoint_manager |
References
Frequently Asked Questions
What is CVE-2025-22459? +
How severe is CVE-2025-22459? +
What products are affected by CVE-2025-22459? +
How do I check if I'm vulnerable to CVE-2025-22459? +
Related Vulnerabilities
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to …
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance …
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper …
CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has …
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate …
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves …