CVE-2025-7037: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ivanti Endpoint Manager
Severity: high
Type: vulnerability
CVE ID: CVE-2025-7037
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database.
Published: Tue Jul 08 2025 (07/08/2025, 14:54:42 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Endpoint Manager
Technical Details
- Data Version: 5.1
- Assigner Short Name: ivanti
- Date Reserved: 2025-07-02T20:01:55.610Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686d34a96f40f0eb72f7c5d4
Added to database: 7/8/2025, 3:09:29 PM
Last updated: 7/8/2025, 3:09:29 PM
Related Threats
- CVE-2025-53372: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in alfonsograziano node-code-sandbox-mcp
  High | Vulnerability | Tue Jul 08 2025
- CVE-2025-3630: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Sterling B2B Integrator
  Medium | Vulnerability | Tue Jul 08 2025
- CVE-2025-7183: SQL Injection in Campcodes Sales and Inventory System
  Medium | Vulnerability | Tue Jul 08 2025
- CVE-2025-6770: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Ivanti Endpoint Manager Mobile
  High | Vulnerability | Tue Jul 08 2025
- CVE-2025-5463: CWE-532 Insertion of Sensitive Information into Log File in Ivanti Connect Secure
  Medium | Vulnerability | Tue Jul 08 2025