Cyber Posture

CVE-2025-13659

High

Published: 09 December 2025

Published
09 December 2025
Modified
11 December 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0117 78.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13659 is a high-severity Improper Control of Dynamically-Managed Code Resources (CWE-913) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the vulnerability by requiring timely patching of Ivanti Endpoint Manager to version 2024 SU4 SR1 as specified in the vendor advisory.

SI-5 Security Alerts, Advisories, and Directives partial match
prevent

Ensures receipt and dissemination of security advisories like the Ivanti advisory for CVE-2025-13659 to enable prompt flaw remediation.

SI-7 Software, Firmware, and Information Integrity partial match
preventdetect

Verifies integrity of software, firmware, and information to detect unauthorized file writes and prevent execution of malicious code from exploited dynamic resources.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables remote, unauthenticated attackers to exploit a public-facing application in Ivanti Endpoint Manager for arbitrary file writes leading to potential RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

Deeper analysisAI

CVE-2025-13659 involves improper control of dynamically managed code resources (CWE-913) in Ivanti Endpoint Manager versions prior to 2024 SU4 SR1. Published on 2025-12-09, the vulnerability enables a remote, unauthenticated attacker to write arbitrary files on the server, with potential for remote code execution, and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H).

The attack requires user interaction to succeed, allowing a remote, unauthenticated attacker to exploit the flaw over the network with low complexity. Successful exploitation grants the ability to write arbitrary files on the affected server, which could escalate to remote code execution depending on the files written and server configuration.

Ivanti has issued a security advisory addressing this vulnerability, available at https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024, which provides details on mitigations and patches.

Details

CWE(s)
CWE-913

Affected Products

ivanti
endpoint manager
2024 · ≤ 2024

CVEs Like This One

CVE-2025-9713Same product: Ivanti Endpoint Manager
CVE-2024-13162Same product: Ivanti Endpoint Manager
CVE-2025-9872Same product: Ivanti Endpoint Manager
CVE-2026-8111Same product: Ivanti Endpoint Manager
CVE-2024-13163Same product: Ivanti Endpoint Manager
CVE-2026-1603Same product: Ivanti Endpoint Manager
CVE-2024-13166Same product: Ivanti Endpoint Manager
CVE-2024-13165Same product: Ivanti Endpoint Manager
CVE-2025-9712Same product: Ivanti Endpoint Manager
CVE-2024-13158Same product: Ivanti Endpoint Manager

References