CVE-2025-22458 is a vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting Ivanti Endpoint Manager before versions 2024 SU1 and 2022 SU7. The flaw arises from the software's improper handling of DLL search paths, allowing an authenticated attacker with limited privileges to influence which DLLs are loaded by the application. By placing a malicious DLL in a location that the application searches before the legitimate DLL, the attacker can execute arbitrary code with SYSTEM-level privileges. This DLL hijacking attack vector enables privilege escalation without requiring user interaction, but it does require the attacker to have some level of authenticated access to the system. The vulnerability impacts confidentiality, integrity, and availability by potentially allowing complete system takeover. Although no public exploits have been reported yet, the vulnerability's characteristics and high CVSS score (7.8) indicate a significant risk. The issue was reserved in early 2025 and published in April 2025, with Ivanti expected to release patches in subsequent updates. The vulnerability is particularly critical in environments where Ivanti Endpoint Manager is used for centralized endpoint management, as compromise could lead to widespread control over managed devices.

The primary impact of CVE-2025-22458 is the potential for attackers with limited authenticated access to escalate privileges to SYSTEM level on affected endpoints. This can lead to full control over the endpoint, enabling attackers to install persistent malware, exfiltrate sensitive data, disrupt operations, or pivot to other network resources. Organizations relying on Ivanti Endpoint Manager for endpoint security and management face increased risk of widespread compromise if this vulnerability is exploited. The high severity and SYSTEM-level access gained can undermine trust in endpoint integrity and disrupt business continuity. Given the centralized nature of endpoint management, exploitation could have cascading effects across enterprise networks, especially in sectors with stringent security requirements such as government, finance, healthcare, and critical infrastructure.

1. Apply patches from Ivanti as soon as they become available for versions prior to 2024 SU1 and 2022 SU7. 2. Until patches are deployed, restrict authenticated user permissions to the minimum necessary to reduce the risk of privilege escalation. 3. Implement application whitelisting and restrict DLL loading paths using Group Policy or endpoint protection tools to prevent unauthorized DLLs from being loaded. 4. Monitor systems for unusual DLL loading behavior and privilege escalation attempts using endpoint detection and response (EDR) solutions. 5. Conduct regular audits of user privileges and remove unnecessary local accounts with elevated rights. 6. Use network segmentation to limit lateral movement in case of compromise. 7. Educate administrators and users about the risk of DLL hijacking and enforce strict operational security practices around endpoint management tools.