CVE-2025-10573 is a stored Cross-site Scripting (XSS) vulnerability identified in Ivanti Endpoint Manager before version 2024 SU4 SR1. The root cause is improper neutralization of user-supplied input during web page generation, classified under CWE-79. This flaw enables a remote attacker without any authentication to inject malicious JavaScript code that is persistently stored and later executed in the context of an administrator's browser session when they access the affected interface. The attack requires user interaction, typically the administrator viewing a crafted page or input field containing the malicious payload. The vulnerability impacts confidentiality by allowing theft of sensitive session tokens or credentials, integrity by enabling unauthorized actions or data manipulation, and availability by potentially executing disruptive scripts. The CVSS v3.1 base score is 9.6 (critical), reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, and scope change with high impact on confidentiality, integrity, and availability. Although no public exploits are currently known, the severity and ease of exploitation make this a high-priority security issue. Ivanti Endpoint Manager is widely used in enterprise environments for endpoint management, making this vulnerability a significant risk for organizations managing large device fleets. The lack of patch links suggests that remediation involves upgrading to version 2024 SU4 SR1 or later where the issue is fixed.

The impact of CVE-2025-10573 is severe for organizations worldwide using Ivanti Endpoint Manager. Exploitation can lead to full compromise of administrator accounts, allowing attackers to execute arbitrary commands, manipulate endpoint configurations, and potentially move laterally within the network. Confidential data such as credentials, session tokens, and sensitive configuration details can be stolen. Integrity of endpoint management processes can be undermined, leading to unauthorized changes or deployment of malicious software. Availability may be affected if attackers disrupt management services or deploy denial-of-service scripts. Given the critical role of endpoint management in enterprise security, this vulnerability could facilitate large-scale breaches, data exfiltration, and operational disruptions. Organizations in sectors like finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitive nature of managed endpoints and regulatory compliance requirements.

To mitigate CVE-2025-10573, organizations should immediately upgrade Ivanti Endpoint Manager to version 2024 SU4 SR1 or later where the vulnerability is patched. In the absence of immediate patching, implement strict input validation and output encoding on all user-supplied data displayed in the management console to prevent script injection. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in the administrator interface. Limit administrative access to trusted networks and use multi-factor authentication to reduce the risk of session hijacking. Monitor logs for unusual activity indicative of XSS exploitation attempts. Conduct regular security awareness training for administrators to recognize and avoid interacting with suspicious inputs or links. Additionally, consider deploying web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting the management console. Finally, perform regular security assessments and penetration testing focused on the endpoint management infrastructure to identify and remediate similar vulnerabilities proactively.