VYPR
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Feb 26, 2026

CVE-2025-13659

CVE-2025-13659

Description

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

1