CVE-2025-10573


Summary

CVE-2025-10573 is a critical severity Stored Cross-Site Scripting (XSS) vulnerability affecting Ivanti Endpoint Manager. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary JavaScript code within the context of an administrator's session, potentially leading to complete system compromise. User interaction is required for successful exploitation.

Technical Details

CVE-2025-10573 is a Stored XSS vulnerability. This means that malicious JavaScript code can be injected into the Ivanti Endpoint Manager system and stored persistently. When an administrator accesses the affected area of the application, the stored JavaScript code is executed within their browser session. This allows the attacker to perform actions on behalf of the administrator, such as modifying system configurations, creating new user accounts with elevated privileges, or accessing sensitive data. The vulnerability exists because the application fails to properly sanitize user-supplied input before storing it in the database. This allows an attacker to inject malicious JavaScript code into a field that is later displayed to administrators.

The attacker can inject the malicious script through various input fields within the Ivanti Endpoint Manager interface. Once injected, the script is stored in the system's database. When an administrator views the page containing the injected script, their browser executes the script, granting the attacker control within the administrator's session. This could lead to a complete compromise of the Ivanti Endpoint Manager system.

Affected Products and Versions

This vulnerability affects the following Ivanti Endpoint Manager versions:

  • All versions prior to 2024 SU4 SR1

Impact Assessment

Successful exploitation of CVE-2025-10573 can have severe consequences, including:

  • Complete System Compromise: An attacker can gain full control of the Ivanti Endpoint Manager server.
  • Data Breach: Sensitive data stored within the system, such as user credentials and configuration settings, can be accessed and exfiltrated.
  • Malware Distribution: The attacker can use the compromised system to distribute malware to managed endpoints.
  • Privilege Escalation: An attacker can escalate their privileges to gain administrative access to the entire network.
  • Denial of Service: The attacker can disrupt the normal operation of the Ivanti Endpoint Manager system, leading to a denial of service.

Remediation

Immediate Actions

  • Apply the Patch: Upgrade Ivanti Endpoint Manager to version 2024 SU4 SR1 or later. This patch addresses the Stored XSS vulnerability.
  • Review Audit Logs: Examine system logs for any suspicious activity that may indicate exploitation of this vulnerability.
  • Monitor Network Traffic: Monitor network traffic for any unusual patterns that may indicate an ongoing attack.

Long-term Solutions

  • Input Validation: Implement robust input validation and sanitization techniques to prevent XSS vulnerabilities.
  • Regular Security Audits: Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.
  • Security Awareness Training: Provide security awareness training to administrators and users to help them identify and avoid phishing attacks and other social engineering tactics.
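To make the flaw described under Technical Details and the output-encoding fix listed above concrete, here is an added example (not Ivanti's code; the stored "description" field, the function names and the sample value are assumptions) contrasting an unescaped render of stored input with a context-aware HTML-encoded one:

```javascript
// Added illustration of the stored-XSS pattern: a hypothetical "description"
// field is saved as submitted and later rendered into an administrator's page.
// Not Ivanti Endpoint Manager code; names and the sample value are assumptions.

// Constructed sample of a stored value containing an HTML event handler.
const STORED_DESCRIPTION = 'Laptop <img src=x onerror="alert(1)">';

// Vulnerable pattern: untrusted stored data concatenated straight into HTML,
// so the browser parses the <img> tag and runs its onerror handler.
function renderRowVulnerable(description) {
  return `<tr><td>${description}</td></tr>`;
}

// Hardened pattern: encode for the HTML text context at output time.
// Every character that can change HTML parsing state becomes an entity.
function escapeHtml(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

function renderRowSafe(description) {
  return `<tr><td>${escapeHtml(description)}</td></tr>`;
}

// Defence in depth: a strict CSP on the admin UI blocks inline handlers and
// unlisted script sources even if an encoding bug slips through elsewhere.
const ADMIN_CSP =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

console.log(renderRowVulnerable(STORED_DESCRIPTION)); // tag reaches the browser
console.log(renderRowSafe(STORED_DESCRIPTION));       // shown as literal text
```

Encoding must happen at the point of output, matched to the context (HTML text, attribute, JavaScript, URL); storing "sanitized" data alone is not sufficient because the same value may be rendered in several contexts.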

Detection & Scanning

Detecting exploitation of CVE-2025-10573 requires careful examination of Ivanti Endpoint Manager logs and system behavior. Look for suspicious activity, such as unexpected JavaScript execution in administrator sessions or unauthorized modifications to system configurations. Separately, vulnerability scanners can identify systems that are still running versions prior to 2024 SU4 SR1.
