Vulnerabilities > CVE-2025-22464 - Untrusted Pointer Dereference vulnerability in Ivanti Endpoint Manager

CVSS 6.1 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

local

low complexity

ivanti

CWE-822

NVD

Published: 2025-04-08

Updated: 2025-05-16

Summary

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Endpoint Manager 2022 Ivanti Endpoint Manager 7.9.1.285 Ivanti Endpoint Manager 2016.4 Ivanti Endpoint Manager 2017.1 Ivanti Endpoint Manager 2017.3 Ivanti Endpoint Manager 2018.1 Ivanti Endpoint Manager 2018.3 Ivanti Endpoint Manager 2019.1 Ivanti Endpoint Manager 2020.1 Ivanti Endpoint Manager 2020.1.1 Ivanti Endpoint Manager 2021.1 Ivanti Endpoint Manager 2021.1.1 Ivanti Endpoint Manager 2024	22

Common Weakness Enumeration (CWE)

CWE-822 - Untrusted Pointer Dereference

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6