Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Ivanti Endpoint Manager

10 December 2025

Ivanti has released security updates to address a critical vulnerability in their Endpoint Manager (EPM) product. Users and administrators of affected product versions are advised to update to the latest version immediately.

Background

Ivanti has released security updates to address a critical vulnerability in their Endpoint Manager (EPM) product (CVE-2025-10573). 

Impact

Successful exploitation of this vulnerability could allow a remote, unauthenticated attacker to execute arbitrary JavaScript code in the context of an administrator session via a Cross-Site Scripting (XSS) attack that requires user interaction.

Affected Products

The vulnerabilities affects the Ivanti Endpoint Manager prior to version 2024 SU4 SR1.

Mitigation

Users and administrators of affected products are advised to update the affected products to the latest version immediately.

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-endpoint-manager-code-execution-flaw/

https://nvd.nist.gov/vuln/detail/CVE-2025-10573

Back to top