CVE-2025-62390: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
AI Analysis
Technical Summary
CVE-2025-62390 is a SQL injection vulnerability (CWE-89) in Ivanti Endpoint Manager; the affected-version data names 2024 SU3 SR1 and 2022 SU8 SR2, and the vendor advisory should be checked for whether earlier service updates in each branch are also in scope. User-supplied input reaches an SQL statement without being neutralized, so a remote, authenticated attacker holding a low-privilege account can change the structure of a query rather than just a value, and use that to read arbitrary data from the underlying database. The CVSS 3.1 base score of 6.5 (Medium) is consistent with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: network-reachable, low attack complexity, low privileges required, no user interaction, high confidentiality impact, no integrity or availability impact. Valid credentials are therefore the only precondition; once an attacker has them, exploitation is straightforward. No exploitation in the wild was known and no patch had been published when this entry was written. Because the product manages endpoints and security policy across an estate, the data at risk is operationally sensitive even though the system itself keeps running. The root cause is the usual one for this weakness class: SQL assembled from string concatenation instead of parameterized queries over validated input.
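The weakness the summary describes, as an added illustration in Python with SQLite. This is not Ivanti's code: the schema, table names and the `owner` lookup are assumptions, and the vulnerable component in the product is not public. The first function builds SQL by concatenation and lets a UNION payload read a table the caller is not entitled to; the second binds the value as a parameter, and the same payload is treated as an ordinary string.

```python
import sqlite3

# Constructed in-memory database standing in for a management console's
# backend. The schema, table names and the query below are assumptions for
# illustration; they are not Ivanti Endpoint Manager's schema or code.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE devices (id INTEGER PRIMARY KEY, hostname TEXT, owner TEXT);
        CREATE TABLE credentials (id INTEGER PRIMARY KEY, username TEXT, secret TEXT);
        INSERT INTO devices VALUES (1, 'ws-001', 'alice'), (2, 'ws-002', 'bob');
        INSERT INTO credentials VALUES (1, 'svc_deploy', 'S3cret!');
    """)
    return conn

def find_devices_vulnerable(conn, owner):
    # CWE-89 pattern: the caller's value is spliced into the SQL text. A quote
    # in the value closes the string literal and everything after it is
    # parsed as SQL, so the caller controls the query, not just a value.
    sql = "SELECT id, hostname, owner FROM devices WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def find_devices_parameterized(conn, owner):
    # Hardened form: the value is bound as a parameter and never parsed as
    # SQL, whatever characters it contains.
    sql = "SELECT id, hostname, owner FROM devices WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

# A UNION-based payload for the vulnerable query: it matches no device and
# appends rows from a table the low-privilege caller was never meant to read.
# The column count must line up with the original SELECT; the trailing
# comment swallows the closing quote the application appends.
PAYLOAD = "x' UNION SELECT id, username, secret FROM credentials -- "

def probe_apostrophe(conn):
    # A legitimate value containing a quote breaks the vulnerable query with a
    # syntax error (a classic tell for testers); the parameterized query just
    # finds no row. Returns (vulnerable_outcome, parameterized_outcome).
    try:
        vulnerable = find_devices_vulnerable(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        vulnerable = "error: " + str(exc)
    return vulnerable, find_devices_parameterized(conn, "o'brien")

if __name__ == "__main__":
    db = build_db()
    print("legitimate:", find_devices_parameterized(db, "alice"))
    print("vulnerable + payload:", find_devices_vulnerable(db, PAYLOAD))
    print("parameterized + payload:", find_devices_parameterized(db, PAYLOAD))
    print("apostrophe:", probe_apostrophe(db))
```

The UNION read is one way an injection becomes "read arbitrary data"; where the result set is not echoed back, error-based and blind (boolean or time-based) techniques reach the same outcome more slowly. The parameterized form is the fix the mitigation list asks for in any custom integration against the database.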
Potential Impact
For European organizations, the primary risk is unauthorized disclosure of what the Ivanti Endpoint Manager database holds. Because the product manages endpoints and security policy, that data can include device inventory and configuration details, user and account information, and the security controls applied to each endpoint, all of which helps an attacker plan further moves. Personal data in those tables brings GDPR into scope, so a confirmed read of arbitrary data may trigger breach notification obligations and regulatory penalties. The need for valid credentials narrows exposure, but a phished or reused password, or a malicious insider with a low-privilege console account, is enough. Sectors that depend heavily on endpoint management (finance, healthcare, government, critical infrastructure) carry the most exposure. No exploitation in the wild is known, which lowers the immediate threat without removing it. The medium rating argues for prioritized remediation rather than emergency response; if exploitation is suspected, assume the whole database was readable and scope the incident accordingly.
Mitigation Recommendations
1. Monitor Ivanti's official channels for a fix for CVE-2025-62390 and apply it promptly once available; confirm the installed build against the vendor advisory rather than assuming a recent service update is covered.
2. Until a fix is applied, restrict access to Ivanti Endpoint Manager interfaces to trusted networks and require multi-factor authentication, since valid credentials are the only precondition for exploitation.
3. Review console accounts and remove or downgrade any that are not needed; the flaw is reachable with low privileges, so every account is a potential entry point, not just administrators.
4. Segment management consoles from general user networks so that a compromised workstation cannot reach the interface directly.
5. In custom integrations or reporting that query the Ivanti Endpoint Manager database, use parameterized queries or prepared statements and validate input; this does not fix the product's flaw, but it avoids adding a second injection path of your own.
6. Log and review management-interface requests and database activity for signs of injection attempts: quoted SQL keywords, UNION SELECT, comment sequences, time-delay functions, and unusual volumes of failed or error-producing queries from a single account.
7. Include authentication and input handling of Ivanti Endpoint Manager deployments in regular security assessments and penetration tests.
8. Brief administrators on credential hygiene; for this bug, a leaked low-privilege password is the attack.
9. A web application firewall with SQL-injection rules in front of the management interface adds a detection layer, but treat it as defense in depth: signature rules are routinely bypassed with encoding and dialect variations, and a WAF is not a substitute for the vendor fix.
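The kind of log triage described in the logging and monitoring recommendation, as an added example that is not Ivanti's tooling. Because the vulnerable parameter and request shape for CVE-2025-62390 are not public, the indicators are generic SQL-injection heuristics; the common-log-format line layout, the `/console/devices` path and the `owner` parameter are assumptions, and the log lines are constructed for the example. The script decodes parameter values repeatedly so that double-encoded payloads are inspected in clear, then reports which indicator fired on which parameter and for which authenticated account.

```python
import re
from urllib.parse import urlsplit, unquote

# Generic SQL-injection indicators applied to a decoded parameter value.
# They are triage heuristics, not proof: encoding tricks and dialect-specific
# syntax will slip past them, and legitimate values can occasionally match.
INDICATORS = [
    ("union_select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)),
    ("quote_then_keyword", re.compile(r"""['"]\s*(?:(?:or|and|union|select)\b|;)""", re.I)),
    ("comment_terminator", re.compile(r"--\s|--$|/\*|\*/")),
    ("tautology", re.compile(r"\b\d+\s*=\s*\d+\b|'[^']*'\s*=\s*'[^']*'")),
    ("time_based", re.compile(r"\b(?:waitfor\s+delay|sleep\s*\(|pg_sleep\s*\()", re.I)),
    ("stacked_query", re.compile(r";\s*(?:select|insert|update|delete|drop|exec)\b", re.I)),
]

# Common-log-format line: client, ident, authenticated user, timestamp,
# request line, status. Assumed layout for the constructed sample below.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %2527 is inspected as a quote."""
    for _ in range(rounds):
        decoded = unquote(value.replace("+", " "))
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    hits = []
    for pair in url.query.split("&"):
        name, _, raw = pair.partition("=")
        value = decode_fully(raw)
        for label, rx in INDICATORS:
            if rx.search(value):
                hits.append((name, label))
    if not hits:
        return None
    return {"ip": m.group("ip"), "user": m.group("user"), "ts": m.group("ts"),
            "path": url.path, "hits": hits}

def scan(lines):
    return [f for f in map(scan_line, lines) if f]

# Constructed sample: two benign requests (the second contains the word
# "union" inside an ordinary value), one plain injection attempt and one
# double-encoded attempt. Paths, parameter names and accounts are made up.
SAMPLE_LOG = [
    '10.0.0.5 - alice [13/Oct/2025:21:20:47 +0000] "GET /console/devices?owner=alice&page=1 HTTP/1.1" 200 1532',
    '10.0.0.5 - alice [13/Oct/2025:21:21:02 +0000] "GET /console/devices?owner=union-station&sort=hostname HTTP/1.1" 200 1210',
    '10.0.0.9 - bob [13/Oct/2025:21:25:13 +0000] "GET /console/devices?owner=x%27%20UNION%20SELECT%20id%2Cusername%2Csecret%20FROM%20credentials--%20 HTTP/1.1" 200 944',
    '10.0.0.9 - bob [13/Oct/2025:21:25:40 +0000] "GET /console/devices?owner=%2527%2520OR%25201%253D1--%2520 HTTP/1.1" 200 4310',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ts"], finding["ip"], finding["user"], finding["path"], finding["hits"])
```

Access logs only carry the query string, so injection in POST bodies or headers needs application-level or database-side logging to be visible; pairing this with per-account query volume and error counts from the database is what makes the authenticated attacker stand out.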
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain, Belgium, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ivanti
- Date Reserved: 2025-10-10T20:12:11.880Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ed6d2f38344d8bcf3248b6
Added to database: 10/13/2025, 9:20:47 PM
Last enriched: 10/21/2025, 12:53:03 AM
Last updated: 12/5/2025, 3:49:38 AM
Related Threats
- CVE-2025-13066: CWE-434 Unrestricted Upload of File with Dangerous Type in kraftplugins Demo Importer Plus (High)
- CVE-2025-12804: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpdevelop Booking Calendar (Medium)
- CVE-2025-11759: CWE-352 Cross-Site Request Forgery (CSRF) in watchful Backup, Restore and Migrate your sites with XCloner (Medium)
- CVE-2025-62223: CWE-451 User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) (Medium)
- CVE-2025-14052: Improper Access Controls in youlaitech youlai-mall (Medium)