CVE-2025-22464
Medium
Published: 08 April 2025
Published
08 April 2025
Modified
16 May 2025
KEV Added
—
Patch
—
CVSS Score v3.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
EPSS Score
0.0023
45.8th percentile
Risk Priority
12
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2025-22464 is a medium-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 6.1 (Medium).
Operationally, ranked at the 45.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10299
Vulnerability details
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
ivanti
endpoint manager
2022, 2024 · ≤ 2022
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.