CVE-2025-9713 is a path traversal vulnerability categorized under CWE-22 affecting Ivanti Endpoint Manager versions prior to 2024 SU4. The flaw arises from improper limitation of pathname inputs, allowing an attacker to traverse directories outside of the intended restricted directory. This can be exploited remotely without authentication, though it requires user interaction, such as clicking a malicious link or opening a crafted file. Successful exploitation enables remote code execution (RCE), granting the attacker the ability to execute arbitrary code with the privileges of the Ivanti Endpoint Manager service. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high severity due to network attack vector, low attack complexity, no privileges required, but requiring user interaction. The impact covers confidentiality, integrity, and availability, as attackers can potentially access sensitive data, modify system configurations, or disrupt endpoint management operations. Ivanti Endpoint Manager is widely deployed in enterprise environments for managing and securing endpoints, making this vulnerability particularly critical. No public exploits have been reported yet, but the potential for exploitation is significant given the ease of attack and the critical nature of the product. The vulnerability was reserved in late August 2025 and published in October 2025, with no patch links currently available, indicating that organizations must monitor Ivanti advisories closely for updates.

The vulnerability allows remote unauthenticated attackers to execute arbitrary code on systems running vulnerable versions of Ivanti Endpoint Manager, potentially leading to full system compromise. This can result in unauthorized access to sensitive organizational data, disruption of endpoint management services, and lateral movement within corporate networks. The high CVSS score reflects the severe impact on confidentiality, integrity, and availability. Organizations relying on Ivanti Endpoint Manager for endpoint security and management face increased risk of targeted attacks, especially in sectors with high-value data or critical infrastructure. Exploitation could facilitate ransomware deployment, data exfiltration, or sabotage of IT operations. The requirement for user interaction slightly reduces the risk but does not eliminate it, as social engineering or phishing could be used to trigger the exploit. The absence of known exploits in the wild currently provides a window for proactive defense, but the vulnerability’s characteristics make it likely to be targeted once exploit code becomes available.

Organizations should immediately inventory their Ivanti Endpoint Manager deployments to identify vulnerable versions prior to 2024 SU4. They should monitor Ivanti’s official channels for the release of security patches and apply them promptly once available. Until patches are deployed, restrict network access to the Ivanti Endpoint Manager interfaces using firewalls and network segmentation to limit exposure. Implement strict input validation and endpoint protection measures to detect and block attempts to exploit path traversal. Educate users about the risks of interacting with unsolicited links or files to reduce the likelihood of successful user interaction exploitation. Employ intrusion detection and prevention systems (IDS/IPS) with updated signatures to detect suspicious activity related to path traversal or remote code execution attempts. Regularly review logs for anomalous behavior indicative of exploitation attempts. Consider deploying application whitelisting and privilege restrictions on systems running Ivanti Endpoint Manager to limit the impact of potential code execution. Finally, integrate this vulnerability into incident response plans to ensure rapid containment if exploitation is detected.