
CVE-2025-9713: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Ivanti Endpoint Manager

Severity: High
Published: Mon Oct 13 2025 (10/13/2025, 21:08:13 UTC)
Source: CVE Database V5
Vendor/Project: Ivanti
Product: Endpoint Manager

Description

Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

AI-Powered Analysis

Last updated: 11/11/2025, 16:08:55 UTC

Technical Analysis

CVE-2025-9713 is a path traversal vulnerability classified under CWE-22 affecting Ivanti Endpoint Manager versions before 2024 SU4. The flaw arises from improper limitation of pathname inputs, allowing an attacker to traverse directories outside the intended restricted directory. This can be exploited remotely without authentication, but requires user interaction, such as clicking a malicious link or opening a crafted file. Successful exploitation enables remote code execution (RCE), granting the attacker the ability to execute arbitrary code with the privileges of the Endpoint Manager service, potentially leading to full system compromise. The vulnerability's CVSS 3.1 score of 8.8 indicates high severity, with network attack vector, low attack complexity, no privileges required, but user interaction necessary. Although no exploits are currently known in the wild, the impact on confidentiality, integrity, and availability is severe, as attackers can manipulate system files or deploy malware. Ivanti Endpoint Manager is widely used in enterprise environments for endpoint management, making this vulnerability particularly critical for organizations relying on it for device and security management. The lack of available patches at the time of reporting necessitates immediate mitigation efforts.

Potential Impact

European organizations using Ivanti Endpoint Manager face significant risks from this vulnerability. Successful exploitation could lead to unauthorized access to sensitive data, disruption of endpoint management services, and potential lateral movement within networks. This threatens confidentiality through data exposure, integrity by unauthorized code execution and system modification, and availability by potential service disruption or destruction of endpoint management capabilities. Critical sectors such as finance, healthcare, government, and manufacturing, which rely heavily on endpoint management for security and compliance, are particularly vulnerable. The requirement for user interaction slightly reduces the risk but does not eliminate it, especially in environments with high user exposure to phishing or social engineering. The absence of known exploits currently provides a window for proactive defense, but the high CVSS score underscores the urgency for European organizations to act swiftly.

Mitigation Recommendations

1. Immediately upgrade Ivanti Endpoint Manager to version 2024 SU4 or later once available to apply the official patch.
2. Until patching is possible, restrict network access to the Endpoint Manager interface using firewalls and network segmentation to limit exposure to untrusted networks.
3. Implement strict endpoint security policies to reduce the likelihood of successful user interaction with malicious content, including enhanced email filtering, user awareness training focused on phishing and social engineering, and application whitelisting.
4. Monitor Endpoint Manager logs and network traffic for unusual activity indicative of exploitation attempts, such as unexpected file access or execution patterns.
5. Employ endpoint detection and response (EDR) solutions to detect and block suspicious behaviors related to code execution or file system traversal.
6. Review and harden user privileges and service accounts associated with Endpoint Manager to minimize the impact of potential compromise.
7. Establish incident response procedures specifically addressing potential exploitation of this vulnerability to enable rapid containment and remediation.

Technical Details

Data Version: 5.1
Assigner Short Name: ivanti
Date Reserved: 2025-08-29T23:03:24.774Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ed718fefcc33289f495f98

Added to database: 10/13/2025, 9:39:27 PM

Last enriched: 11/11/2025, 4:08:55 PM

Last updated: 12/2/2025, 4:02:12 PM
