Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Feb 26, 2026
CVE-2025-13659
CVE-2025-13659
Description
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Affected products
2<2024 SU4 SR1+ 1 more
- (no CPE)range: <2024 SU4 SR1
- (no CPE)range: 2024 SU4 SR1
Patches
Vulnerability mechanics
References
1News mentions
1- SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDLwatchTowr Labs · Dec 10, 2025