Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerabilities in Ivanti Endpoint Manager
Alerts

Active Exploitation of Critical Vulnerabilities in Ivanti Endpoint Manager

12 March 2025

Ivanti has released updates addressing critical vulnerabilities in Ivanti Endpoint Manager products. Users and administrators of the affected products are advised to update to the latest versions immediately.

Ivanti has released updates addressing critical vulnerabilities (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) in Ivanti Endpoint Manager appliances. The vulnerabilities are reportedly being actively exploited and have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the absolute path traversal vulnerabilities could allow an unauthenticated attacker to leak sensitive data remotely.

The vulnerabilities affect the following Ivanti Endpoint Manager versions:

  • 2024 November security update and prior 

  • 2022 SU6 November security update and prior

Users and administrators of the affected products are advised to update to the latest versions immediately. 

More information is available here:

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US

https://www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/

https://nvd.nist.gov/vuln/detail/CVE-2024-13159

https://nvd.nist.gov/vuln/detail/CVE-2024-13160

https://nvd.nist.gov/vuln/detail/CVE-2024-13161

Back to top