CVE-2025-62391

6.5 MEDIUM

📋 TL;DR

This SQL injection vulnerability in Ivanti Endpoint Manager (EPM) lets an attacker who already holds a valid EPM web-interface account read arbitrary data from the EPM database. Because the injected query runs with the application's own database login rather than the web user's, what it can read is bounded by that login, not by the attacker's console role. Ivanti EPM versions before 2024 SU5 are affected.

💻 Affected Systems

Products:
  • Ivanti Endpoint Manager
Versions: All versions before 2024 SU5
Operating Systems: All supported OS platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the EPM web interface

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could exfiltrate sensitive data including credentials, configuration details, and endpoint information, potentially leading to lateral movement and full system compromise.

🟠

Likely Case

Authenticated attackers reading sensitive configuration data, user information, or endpoint details from the database.

🟢

If Mitigated

Limited data exposure with proper authentication controls and database permissions restricting sensitive data access.
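The read primitive behind the three cases above, as an added example that is not code from the advisory or from Ivanti: a device-lookup query assembled by string concatenation beside its parameterized form, run against an in-memory SQLite database. The schema, rows, function names and the payload are constructed for illustration; EPM's real schema and the affected parameter are not shown on this page.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed schema and rows for the demo; not the EPM schema.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE devices (name TEXT, os TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO devices VALUES ('LAPTOP-01', 'Windows 11'),
                                   ('SRV-DB-02', 'Windows Server 2022');
        INSERT INTO users VALUES ('admin', '$2b$12$constructed.hash.A'),
                                 ('jdoe',  '$2b$12$constructed.hash.B');
        """
    )
    return conn


def find_device_vulnerable(conn: sqlite3.Connection, name: str):
    # Vulnerable pattern: the caller-supplied value is spliced into the SQL
    # text, so quotes and keywords inside it are parsed as SQL, not as data.
    sql = f"SELECT name, os FROM devices WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_device_fixed(conn: sqlite3.Connection, name: str):
    # Hardened form: the value travels as a bound parameter and cannot change
    # the statement's structure, whatever characters it contains.
    return conn.execute(
        "SELECT name, os FROM devices WHERE name = ?", (name,)
    ).fetchall()


# Classic UNION-based read (constructed payload): close the string literal,
# append a SELECT over a table the query was never meant to touch, and
# comment out the trailing quote the application adds.
PAYLOAD = "x' UNION SELECT username, password_hash FROM users --"


def apostrophe_breaks_vulnerable(conn: sqlite3.Connection) -> bool:
    # A benign value containing a quote crashes the concatenated query; a
    # spike of such errors on ordinary input is an early sign the endpoint
    # is injectable (and of someone probing it).
    try:
        find_device_vulnerable(conn, "O'Brien")
        return False
    except sqlite3.OperationalError:
        return True


def demo() -> dict:
    conn = build_db()
    return {
        "vulnerable": sorted(find_device_vulnerable(conn, PAYLOAD)),
        "fixed": find_device_fixed(conn, PAYLOAD),
        "benign_quote_errors_out": apostrophe_breaks_vulnerable(conn),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lookup runs as whatever database identity the application connects with, which is why the same payload that returns `users` rows here would return any table that login can read in a real deployment, regardless of how little the attacker's web account is allowed to see in the console.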

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires a valid EPM web-interface account and SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024 SU5 or later

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025

Restart Required: No

Instructions:

1. Download Ivanti EPM 2024 SU5 or later from the Ivanti portal.
2. Follow the standard Ivanti EPM upgrade procedure.
3. Verify successful installation and functionality.

🔧 Temporary Workarounds

Restrict Database Access (all platforms)

Apply least-privilege permissions to the database login the EPM application uses, so an injected query can reach only the tables and columns the application genuinely needs. Caveat: the injected query executes with that application login, not with the web user's role, so this bounds the blast radius but does not stop the injection itself. Treat it as a stop-gap until 2024 SU5 is installed.

🧯 If You Can't Patch

  • Implement strict network segmentation so only administrator workstations can reach the EPM web interface
  • Shrink the pool of accounts that can log in to the console (remove stale accounts, enforce strong authentication), since the bug is only reachable with a valid login
  • Monitor web and database logs for injection patterns and for bursts of server errors on otherwise ordinary requests

🔍 How to Verify

Check if Vulnerable:

In the EPM web interface, open Help > About and read the version and service-update level; anything below 2024 SU5 is affected.

Check Version:

The same Help > About dialog, or the Ivanti EPM management console, shows the installed build.

Verify Fix Applied:

Confirm Help > About reports 2024 SU5 or later. Do not treat a failed ad-hoc injection test as proof of the fix: no public PoC identifies the affected parameter, so a negative test says little.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns from EPM web interface
  • Multiple failed SQL injection attempts in web logs

Network Indicators:

  • Unusual database traffic from EPM servers
  • Suspicious SQL patterns in HTTP requests

SIEM Query (starting point; matching bare keywords such as select, from or where would fire on nearly every request, so match injection-specific tokens instead, and adjust the field names, which are illustrative here, to your log source):

source="epm_web_logs" status=200 AND (uri="*UNION*SELECT*" OR uri="*' OR *" OR uri="*%27*OR*" OR uri="*--*" OR uri="*WAITFOR*DELAY*" OR uri="*xp_cmdshell*")

Pair it with a second search for a spike of 5xx responses from the same source, which is what a probing attacker produces before finding a working payload.
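The log-indicator checks above, as an added example that is not code from the advisory or from Ivanti: a scanner that URL-decodes each request path, matches injection-specific patterns rather than bare SQL keywords, and rates each hit by whether it was an authenticated session receiving a 200 (the situation this CVE describes). The sample log lines, the access-log layout, the paths and the parameter name are constructed for the demo and are not real EPM endpoints.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines (Combined-Log style with a remote-user field).
# Paths and parameters are illustrative, not real EPM endpoints.
SAMPLE_LOG = """\
10.0.0.5 - admin [14/Oct/2025:09:12:01 +0000] "GET /epm/api/devices?name=LAPTOP-01 HTTP/1.1" 200 512
10.0.0.5 - admin [14/Oct/2025:09:12:07 +0000] "GET /epm/api/devices?name=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 98211
10.0.0.5 - admin [14/Oct/2025:09:12:15 +0000] "GET /epm/api/devices?name=x%27%20UNION%20SELECT%20username%2Cpassword_hash%20FROM%20users-- HTTP/1.1" 200 4096
10.0.0.9 - - [14/Oct/2025:09:13:02 +0000] "GET /epm/api/devices?name=x%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- HTTP/1.1" 401 0
10.0.0.7 - jdoe [14/Oct/2025:09:14:30 +0000] "GET /epm/api/devices?name=O%27Brien HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Injection-specific tokens. Bare "select"/"from"/"where" are deliberately
# absent: they appear in ordinary traffic and would drown the signal.
SQLI_PATTERNS = (
    ("union-select", re.compile(r"\bunion\b[\s/*]+(?:all\s+)?select\b", re.I)),
    ("tautology", re.compile(r"\b(?:or|and)\b\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("stacked-query", re.compile(
        r";\s*(?:select|insert|update|delete|drop|exec|execute|declare|waitfor)\b", re.I)),
    ("time-based", re.compile(
        r"\b(?:waitfor\s+delay|sleep\s*\(|pg_sleep\s*\(|benchmark\s*\()", re.I)),
    ("comment", re.compile(r"--|/\*")),
    ("xp_cmdshell", re.compile(r"\bxp_cmdshell\b", re.I)),
)


def decode(value: str, rounds: int = 3) -> str:
    # Decode repeatedly so double-encoded payloads (%2527 -> %27 -> ') are caught.
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode(m["path"])
    hits = [name for name, rx in SQLI_PATTERNS if rx.search(decoded)]
    if not hits:
        return None
    status = int(m["status"])
    user = None if m["user"] == "-" else m["user"]
    # A 200 to an authenticated session is the case this CVE describes (the
    # query most likely executed). A 4xx/5xx still records a probe.
    if status == 200 and user:
        severity = "high"
    elif status == 200:
        severity = "medium"
    else:
        severity = "low"
    return {"ip": m["ip"], "user": user, "status": status,
            "patterns": hits, "severity": severity, "path": decoded}


def scan(log_text: str) -> list:
    return [f for f in map(classify, log_text.splitlines()) if f]


def summarize(findings: list) -> Counter:
    # Group by source so one session firing many payloads is one alert, not N.
    return Counter((f["ip"], f["user"]) for f in findings)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f["severity"].upper(), f["ip"], f["user"], f["status"], f["patterns"], f["path"])
    print(dict(summarize(found)))
```

The benign `O'Brien` request is intentionally in the sample: a lone apostrophe is not flagged, which is the difference between this and the bare-keyword search that alerts on every row. If your EPM front end returns 500 on malformed SQL, add a rule that counts 5xx responses per source as well, since that is the noise an attacker makes before a payload works.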
