
CVE-2025-62390: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ivanti Endpoint Manager

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-62390, cve, cve-2025-62390, cwe-89
Published: Mon Oct 13 2025 (10/13/2025, 21:10:53 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Endpoint Manager

Description

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.

AI-Powered Analysis

Last updated: 10/13/2025, 21:35:33 UTC

Technical Analysis

CVE-2025-62390 is an SQL injection vulnerability identified in Ivanti Endpoint Manager, specifically affecting versions 2024 SU3 SR1 and 2022 SU8 SR2. The flaw stems from improper neutralization of special characters in SQL commands (CWE-89), which allows a remote attacker who has authenticated access to the system to execute crafted SQL queries. This enables the attacker to read arbitrary data from the backend database, potentially exposing sensitive information stored within the Endpoint Manager environment. The vulnerability does not require user interaction but does require valid credentials, limiting the attack surface to insiders or attackers who have compromised legitimate accounts. The CVSS v3.1 score is 6.5 (medium severity), reflecting the high confidentiality impact but no impact on integrity or availability. No public exploits or active exploitation have been reported as of the publication date (October 13, 2025). The lack of available patches at the time of disclosure necessitates immediate risk mitigation through access controls and monitoring. Ivanti Endpoint Manager is widely used for endpoint management and security policy enforcement, making this vulnerability significant for organizations relying on it for IT operations and security compliance.

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive data managed within Ivanti Endpoint Manager databases. Since the attack requires authenticated access, the risk comes mainly from insiders or compromised credentials. Confidentiality breaches could expose sensitive endpoint configurations, user data, or security policies, potentially aiding further attacks or leading to compliance violations under GDPR. Although the vulnerability does not affect system integrity or availability, the exposure of confidential data can lead to reputational damage, regulatory fines, and operational disruptions. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and government, are particularly vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure. The medium severity rating suggests prioritizing remediation but indicates that the vulnerability is not exploitable by unauthenticated attackers.

Mitigation Recommendations

1. Apply official patches from Ivanti as soon as they become available to address the SQL injection flaw directly.
2. Until patches are released, restrict access to the Ivanti Endpoint Manager interface to trusted networks and users using network segmentation and firewall rules.
3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise.
4. Monitor database query logs and application logs for unusual or suspicious SQL queries that may indicate exploitation attempts.
5. Conduct regular audits of user accounts and permissions to ensure least privilege principles are enforced.
6. Implement intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting SQL injection attempts.
7. Educate administrators and users about phishing and credential theft risks to minimize the chance of account compromise.
8. Consider deploying Web Application Firewalls (WAF) with SQL injection detection capabilities in front of the management interface.
9. Review and harden database configurations to limit the scope of data accessible via the Endpoint Manager application.
10. Prepare incident response plans to quickly address any detected exploitation attempts.
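A sketch of recommendation 4, added here as an example and not taken from the advisory or from Ivanti: because exploitation requires valid credentials, the useful output of log monitoring is the authenticated account behind the suspicious requests. The log layout, URL paths, account names, and rule set are all constructed assumptions; adapt the parsing to your real web or application log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample: hypothetical "timestamp user method url status" layout.
SAMPLE_LOG = """\
2025-10-14T08:01:12Z alice GET /console/report?id=42 200
2025-10-14T08:02:40Z svc_inventory GET /console/report?id=17 200
2025-10-14T08:03:05Z bob GET /console/report?id=42%27%20UNION%20SELECT%20name%2Cpw%20FROM%20users-- 200
2025-10-14T08:03:09Z bob GET /console/report?id=42%27%20OR%20%271%27%3D%271 200
2025-10-14T08:05:30Z alice GET /console/search?q=O%27Brien 200
"""

# Heuristics for read-oriented injection, matched on the decoded query string.
# A lone apostrophe (e.g. the name O'Brien) is deliberately not a hit.
RULES = {
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),
    "tautology": re.compile(r"'\s*or\b\s*'?\w+'?\s*=\s*'?\w+", re.I),
    "comment_terminator": re.compile(r"--\s*$|/\*"),
}


def suspicious_accounts(log_text, threshold=1):
    """Return {user: [(timestamp, [rule names])]} for accounts with hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed layout
        ts, user, _method, url, _status = parts
        # Decode percent-encoding once so the rules see the literal characters.
        query = unquote_plus(url.partition("?")[2])
        matched = [name for name, rx in RULES.items() if rx.search(query)]
        if matched:
            hits[user].append((ts, matched))
    return {u: h for u, h in hits.items() if len(h) >= threshold}


if __name__ == "__main__":
    for user, events in suspicious_accounts(SAMPLE_LOG).items():
        print(user, events)
```

Accounts returned here are candidates for credential reset and session review, which ties the log monitoring back to recommendations 3 and 5.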


Technical Details

Data Version: 5.1
Assigner Short Name: ivanti
Date Reserved: 2025-10-10T20:12:11.880Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ed6d2f38344d8bcf3248b6

Added to database: 10/13/2025, 9:20:47 PM

Last enriched: 10/13/2025, 9:35:33 PM

Last updated: 10/16/2025, 8:38:21 AM
