Cyber Resilience

CVE-2024-13163

High

Published: 14 January 2025

Published
14 January 2025
Modified
11 July 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.3228 97.0th percentile
Risk Priority 35 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13163 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a deserialization of untrusted data flaw, tracked as CWE-502, that affects Ivanti EPM prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. It carries a CVSS 3.1 base score of 7.8 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

A remote unauthenticated attacker can leverage the issue to obtain remote code execution on affected systems, although successful exploitation requires local user interaction.

The referenced Ivanti security advisory describes the January 2025 updates that address the flaw in both the 2024 and 2022 SU6 release streams. The associated EPSS score has remained flat at 0.3228 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Deserialization flaw enables unauthenticated RCE; directly maps to public-facing app exploitation (T1190) and client-side execution via malicious input (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-13659Same product: Ivanti Endpoint Manager
CVE-2024-13162Same product: Ivanti Endpoint Manager
CVE-2026-8111Same product: Ivanti Endpoint Manager
CVE-2025-9872Same product: Ivanti Endpoint Manager
CVE-2025-9713Same product: Ivanti Endpoint Manager
CVE-2024-13167Same product: Ivanti Endpoint Manager
CVE-2024-13158Same product: Ivanti Endpoint Manager
CVE-2024-13165Same product: Ivanti Endpoint Manager
CVE-2025-9712Same product: Ivanti Endpoint Manager
CVE-2024-13166Same product: Ivanti Endpoint Manager

Affected Assets

ivanti
endpoint manager
2022, 2024 · ≤ 2022

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the deserialization of untrusted data vulnerability by requiring timely application of Ivanti's January 2025 security patches for EPM.

prevent

Prevents exploitation of CWE-502 by enforcing validation and error handling of untrusted input data prior to deserialization.

prevent

Mitigates remote code execution from deserialization exploits through memory protections like DEP and ASLR.

References