CVE-2025-62384: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
AI Analysis
Technical Summary
CVE-2025-62384 is a SQL injection vulnerability classified under CWE-89, found in Ivanti Endpoint Manager versions 2024 SU3 SR1 and 2022 SU8 SR2. The flaw arises from improper neutralization of special elements in SQL commands, allowing a remote attacker with valid credentials to inject malicious SQL queries. This injection enables unauthorized reading of arbitrary data from the underlying database, compromising data confidentiality. The vulnerability requires authentication (PR:L) but no user interaction (UI:N), and can be exploited remotely over the network (AV:N). The CVSS v3.1 base score is 6.5, reflecting medium severity due to the high confidentiality impact but limited by the need for authenticated access and lack of integrity or availability impact. No patches have been linked yet, and no known exploits are reported in the wild, indicating the vulnerability is newly disclosed. The attack vector involves leveraging insufficient input validation or sanitization in the Endpoint Manager’s web interface or API endpoints, allowing crafted SQL payloads to bypass filters and access sensitive database information. This can lead to exposure of sensitive configuration data, credentials, or other protected information stored in the database. Organizations relying on Ivanti Endpoint Manager for endpoint management and security operations could face data breaches if attackers exploit this vulnerability. Given the product’s role in managing endpoints, unauthorized data access could facilitate further lateral movement or privilege escalation within enterprise networks.
Potential Impact
For European organizations, the primary impact is unauthorized disclosure of sensitive data managed by Ivanti Endpoint Manager, potentially including endpoint configurations, user credentials, or security policies. This breach of confidentiality can undermine trust, violate data protection regulations such as GDPR, and expose organizations to compliance penalties. Since the vulnerability requires authenticated access, the risk is heightened if attackers gain credentials through phishing, insider threats, or credential stuffing. The lack of impact on integrity and availability reduces the risk of system disruption but does not mitigate the seriousness of data exposure. Organizations in sectors with stringent data privacy requirements—such as finance, healthcare, and government—face increased reputational and regulatory risks. Additionally, attackers leveraging exposed data could facilitate subsequent attacks, including lateral movement or privilege escalation, increasing overall organizational risk.
Mitigation Recommendations
1. Apply patches promptly once Ivanti releases them for the affected Endpoint Manager versions.
2. Until patches are available, restrict access to the Endpoint Manager interface to trusted administrators only, using network segmentation and VPNs.
3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise.
4. Monitor database query logs and application logs for unusual or suspicious SQL queries indicative of injection attempts.
5. Conduct regular audits of user accounts and permissions to minimize the number of users with access to the Endpoint Manager.
6. Implement Web Application Firewalls (WAFs) with rules designed to detect and block SQL injection payloads targeting the Endpoint Manager.
7. Educate administrators about phishing and credential security to prevent unauthorized access.
8. Review and harden input validation and sanitization controls in custom integrations or scripts interacting with the Endpoint Manager database.
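Mitigation items 4 and 8 are the two a practitioner can act on immediately in their own integrations, so here is an added illustration of both. It is not Ivanti's code and says nothing about where the flaw sits in Endpoint Manager; the `devices` table, the row values, the crafted input and the signature list are all constructed for the example. The vulnerable lookup splices the caller's value into the query text (the CWE-89 pattern), the hardened lookup binds it as a parameter, and a small heuristic reviews the resulting query log the way item 4 suggests.

```python
import re
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an inventory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, owner TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [("laptop-01", "alice", "s3cr3t-a"),
         ("laptop-02", "bob", "s3cr3t-b"),
         ("server-01", "carol", "s3cr3t-c")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, name: str, log: List[str]) -> List[Row]:
    """CWE-89 anti-pattern: the caller's value is spliced into the SQL text,
    so quote characters inside it change what the query means."""
    sql = f"SELECT name, owner FROM devices WHERE name = '{name}'"
    log.append(sql)                      # stands in for a query log (item 4)
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, name: str, log: List[str]) -> List[Row]:
    """Hardened form (item 8): the value is bound as a parameter and is never
    parsed as SQL, so the query's shape is fixed when the code is written."""
    sql = "SELECT name, owner FROM devices WHERE name = ?"
    log.append(sql)
    return conn.execute(sql, (name,)).fetchall()


# Heuristic signatures for a query-log review: a quoted tautology, a SQL line
# comment, or a stacked statement. These are constructed for the example;
# tune them to your schema, and treat a clean log as absence of evidence only.
SUSPICIOUS = re.compile(r"(?i)'\s*or\s+'|--|;\s*(select|update|delete|drop)\b")


def flag_suspicious(log: List[str]) -> List[str]:
    """Return the logged statements whose text matches an injection signature."""
    return [sql for sql in log if SUSPICIOUS.search(sql)]


if __name__ == "__main__":
    conn, log = build_db(), []
    crafted = "laptop-01' OR '1'='1"               # constructed input
    print(vulnerable_lookup(conn, crafted, log))   # every row: an arbitrary read
    print(safe_lookup(conn, crafted, log))         # []: treated as a literal name
    print(flag_suspicious(log))                    # only the first statement
```

The point of the pairing is that the hardened lookup needs no filter list at all: because the parameter is bound rather than concatenated, the crafted value is simply a device name that does not exist. The log heuristic is a second line of defence for code you cannot yet fix, not a substitute for parameterisation.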
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: ivanti
- Date Reserved: 2025-10-10T20:12:11.880Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ed6d2e38344d8bcf32487d
Added to database: 10/13/2025, 9:20:46 PM
Last enriched: 10/13/2025, 9:36:41 PM
Last updated: 10/16/2025, 8:38:33 AM