CVE-2025-9712
Published: 09 September 2025
Summary
CVE-2025-9712 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Insufficient filename validation affects Ivanti Endpoint Manager versions prior to 2024 SU3 SR1 and 2022 SU8 SR2. The flaw, tracked as CWE-434, permits remote code execution when an attacker supplies a crafted filename, as reflected in the CVSS 8.8 vector that requires network access and user interaction but no authentication.
A remote unauthenticated attacker can leverage the issue to execute arbitrary code on the target system once a user performs the required interaction, resulting in full compromise of confidentiality, integrity, and availability.
The referenced Ivanti security advisory for September 2025 directs customers to apply the fixed releases 2024 SU3 SR1 and 2022 SU8 SR2. The associated EPSS score has remained flat at 0.0280 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-27416
Vulnerability details
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-434 filename validation flaw directly enables RCE on a network-accessible management server (T1190); exploitation requires tricking a user into opening a malicious file (T1204.002).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely identification, reporting, and patching of the insufficient filename validation flaw in Ivanti Endpoint Manager directly remediates CVE-2025-9712 as specified in the vendor advisory.
Validates filenames from external remote unauthenticated sources to block malicious inputs that could trigger remote code execution.
Implements memory protections such as DEP and ASLR to mitigate arbitrary code execution resulting from insufficient filename validation.