嗯,用户让我帮忙总结一篇文章的内容,控制在100个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写文章描述就行。首先,我需要仔细阅读这篇文章,理解其主要内容。 文章标题是“Ivanti warns customers of new EPM flaw enabling remote code execution”,看起来是关于Ivanti公司发布的一个漏洞警告。接着,作者是Pierluigi Paganini,日期是2025年12月9日。文章内容提到Ivanti警告用户解决一个新披露的Endpoint Manager漏洞,这个漏洞可能让攻击者远程执行代码。 然后,文章详细说明了这个漏洞的细节:CVE编号是CVE-2025-10573,CVSS评分9.6分,属于严重漏洞。这是一个存储型XSS漏洞(Stored XSS),允许远程未认证的攻击者在管理员会话中执行任意JavaScript代码。用户交互是必须的。 受影响的版本是Ivanti Endpoint Manager 2024 SU4 SR1之前的版本。Ivanti EPM是一个广泛使用的远程管理和漏洞管理解决方案,允许认证管理员控制和安装软件在终端上,因此成为攻击者的吸引目标。 Rapid7的研究人员警告说,攻击者可以注册虚假的终端到Ivanti EPM,并注入恶意JavaScript到管理员仪表盘。当管理员查看被污染的界面时,脚本会执行,导致攻击者劫持管理员会话。这个漏洞不需要认证就能利用,因此组织被敦促立即修补。 Rapid7报告中提到攻击者可以通过未认证访问的主要EPM网络服务注册虚假设备到服务器,并污染管理员仪表盘。当管理员查看被污染界面时,被动用户交互触发JavaScript执行,导致攻击者控制管理员会话。 此外,Rapid7研究人员指出未认证的incomingdata API接受设备扫描数据并写入处理目录中,这些数据稍后会被解析并在管理员仪表盘上显示。攻击者可以提交包含恶意JavaScript的扫描数据,在界面中嵌入脚本。当管理员查看受影响页面时,脚本执行并劫持会话。 最后提到Ivanti目前没有发现利用此漏洞的实际攻击案例,并且CISA在三月份将多个EPM漏洞加入其已知被利用的漏洞目录。 现在我需要将这些信息浓缩到100字以内,并且不使用特定开头词。重点包括:Ivanti警告Endpoint Manager存在严重漏洞(CVE-2025-10573),CVSS 9.6分;这是一个存储型XSS漏洞;允许未认证攻击者注入恶意脚本;影响版本为2024 SU4 SR1之前;Rapid7指出攻击者可注册虚假设备并污染仪表盘;劫持管理员会话;尚未有已知利用案例。 </think> Ivanti警告Endpoint Manager存在严重漏洞(CVE-2025-10573),CVSS评分9.6分。该存储型XSS漏洞允许未认证攻击者注入恶意脚本至管理员仪表盘,在用户交互后劫持会话。影响版本为2024 SU4 SR1前。Rapid7指出攻击者可注册虚假设备并污染界面以获取控制权。目前无已知利用案例。 2025-12-9 22:11:33 Author: securityaffairs.com(查看原文) 阅读量:5 收藏
Ivanti warns customers of new EPM flaw enabling remote code execution
Pierluigi Paganini
December 09, 2025
Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely.
Software firm Ivanti addressed a newly disclosed vulnerability, tracked as CVE-2025-10573 (CVSS score 9.6), in its Endpoint Manager (EPM) solution.
The vulnerability is a Stored XSS that could allow a remote unauthenticated attacker to execute arbitrary
“Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.” reads the advisory.
The flaw impacts Ivanti Endpoint Manager prior to version 2024 SU4 SR1.
Ivanti EPM is a widely used solution for remote administration and vulnerability management. It lets authenticated admins control and install software on endpoints, making it an attractive target for attackers.
Rapid7 researchers warn that an unauthenticated attacker can register fake endpoints with Ivanti EPM and inject malicious JavaScript into the admin dashboard. When an administrator views the poisoned interface, the script executes and lets the attacker hijack the admin session. Because this flaw requires no authentication, organizations are urged to patch immediately.
“An attacker with unauthenticated access to the primary EPM web service can join fake managed endpoints to the EPM server in order to poison the administrator web dashboard with malicious JavaScript.” reads the report published by Rapid7. “When an Ivanti EPM administrator views one of the poisoned dashboard interfaces during normal usage, that passive user interaction will trigger client-side JavaScript execution, resulting in the attacker gaining control of the administrator’s session.”
Rapid7 researchers noted that the unauthenticated incomingdata API accepts device scan data and writes it to a processing directory, where it’s later parsed and displayed on the admin dashboard. Attackers can submit scans containing malicious JavaScript, which is then embedded into the interface. When an admin views affected pages, the script executes and lets the attacker hijack the session. This occurs because the CGI handler (postcgi.exe) processes key=value scan files without sanitizing input.
Ivanti is not aware of attacks in the wild exploiting this vulnerability.
In March, the U.S. cybersecurity agency CISA added multiple EPM vulnerabilities (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161) to its Known Exploited Vulnerabilities (KEV) catalog
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Ivanti EPM)
如有侵权请联系:admin#unsafe.sh