CVE-2025-62385 is an SQL injection vulnerability classified under CWE-89 affecting Ivanti Endpoint Manager versions 2024 SU3 SR1 and 2022 SU8 SR2. The flaw arises from improper neutralization of special elements in SQL commands, allowing remote authenticated attackers to inject malicious SQL queries. This enables unauthorized reading of arbitrary data from the backend database, compromising confidentiality. The attack vector is network-based, requiring low attack complexity and no user interaction, but it does require the attacker to have valid user credentials (privileges). The vulnerability does not impact data integrity or system availability. Ivanti Endpoint Manager is widely used for endpoint management, patching, and IT asset management, making the exposure of sensitive data potentially impactful. No known public exploits or active exploitation in the wild have been reported as of the publication date. The CVSS v3.1 base score is 6.5, reflecting a medium severity rating primarily due to the requirement for authentication and the limited scope of impact to confidentiality. The vulnerability was published on October 13, 2025, and no patches were linked at the time of reporting, indicating organizations should monitor Ivanti advisories closely for remediation updates.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive data stored in Ivanti Endpoint Manager databases, including potentially sensitive endpoint management information, user credentials, or configuration details. This could lead to further targeted attacks, espionage, or compliance violations under regulations such as GDPR. The requirement for authentication reduces the risk from external attackers but insider threats or compromised credentials could be leveraged. Organizations in sectors with high regulatory scrutiny or critical infrastructure reliance on Ivanti Endpoint Manager are particularly vulnerable. The impact on confidentiality could undermine trust and operational security, but since integrity and availability are unaffected, direct disruption or data manipulation risks are lower.

Organizations should immediately review access controls to Ivanti Endpoint Manager, ensuring that only authorized personnel have access and that strong authentication mechanisms (e.g., MFA) are enforced to reduce the risk of credential compromise. Network segmentation and firewall rules should restrict access to the management interface to trusted networks and users only. Monitor logs for unusual database query patterns that may indicate attempted exploitation. Since no patches were available at the time of disclosure, organizations should track Ivanti’s security advisories for prompt application of any forthcoming updates addressing this vulnerability. Additionally, conduct regular credential audits and consider implementing database activity monitoring to detect anomalous access. Employing web application firewalls (WAFs) with SQL injection detection capabilities may provide temporary protection. Finally, educate administrators about the risks of credential theft and the importance of secure password practices.