CVE-2025-10573 is a critical stored cross-site scripting (XSS) vulnerability identified in Ivanti Endpoint Manager versions prior to 2024 SU4 SR1. The vulnerability stems from improper neutralization of user-supplied input during web page generation (CWE-79), allowing an attacker to inject malicious JavaScript code that is stored and later executed in the context of an administrator's session. The attack vector is remote and does not require any authentication, but it does require user interaction, such as an administrator viewing a crafted page or interface element. Once exploited, the attacker can execute arbitrary scripts with the same privileges as the administrator, potentially leading to session hijacking, credential theft, unauthorized configuration changes, or deployment of further malware. The vulnerability affects the confidentiality, integrity, and availability of the Endpoint Manager system and any managed endpoints. The CVSS v3.1 base score is 9.6, reflecting the ease of exploitation (low attack complexity, no privileges required), the critical impact on all security properties, and the scope change due to potential compromise of multiple systems managed by the Endpoint Manager. Although no known exploits have been reported in the wild yet, the severity and nature of the vulnerability make it a prime target for attackers. Ivanti Endpoint Manager is widely used in enterprise environments for endpoint management, patching, and security policy enforcement, making this vulnerability particularly impactful in organizations relying on this product for critical IT operations.

For European organizations, the impact of CVE-2025-10573 is significant due to the widespread use of Ivanti Endpoint Manager in enterprise IT environments, including government agencies, financial institutions, healthcare providers, and critical infrastructure operators. Successful exploitation could lead to unauthorized administrative access, allowing attackers to manipulate endpoint configurations, deploy malicious payloads, or exfiltrate sensitive data. This could disrupt business operations, cause data breaches, and lead to regulatory non-compliance under GDPR due to compromised personal data. The vulnerability's ability to affect confidentiality, integrity, and availability simultaneously increases the risk of severe operational and reputational damage. Additionally, the requirement for user interaction means that targeted phishing or social engineering campaigns could facilitate exploitation, raising the threat level for organizations with less mature security awareness programs. The scope of impact extends beyond the Endpoint Manager itself, potentially affecting all managed endpoints and connected systems, amplifying the risk across the enterprise network.

1. Immediately plan and deploy the official patch or update from Ivanti to version 2024 SU4 SR1 or later once it becomes available. 2. Until patching is possible, restrict access to the Ivanti Endpoint Manager administrative interface to trusted networks and IP addresses using network segmentation and firewall rules. 3. Implement strict input validation and output encoding on all user-supplied data fields within the Endpoint Manager interface to prevent injection of malicious scripts. 4. Employ web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting the Endpoint Manager. 5. Conduct security awareness training for administrators to recognize and avoid interacting with suspicious links or content that could trigger the XSS attack. 6. Monitor logs and network traffic for unusual administrative session activity or signs of script injection attempts. 7. Consider deploying Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the administrative interface. 8. Regularly audit and review Endpoint Manager configurations and permissions to minimize exposure and privilege escalation opportunities.