CVE-2025-9872
Published: 09 September 2025
Summary
CVE-2025-9872 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
Insufficient filename validation, tracked as CWE-434, affects Ivanti Endpoint Manager versions prior to 2024 SU3 SR1 and 2022 SU8 SR2. The flaw carries a CVSS 3.1 score of 8.8 with network attack vector, low complexity, no required privileges, and required user interaction, resulting in high impact to confidentiality, integrity, and availability.
A remote unauthenticated attacker can leverage the weakness to achieve remote code execution when the victim performs the necessary interaction, enabling full compromise of the affected endpoint management system.
The referenced Ivanti security advisory for September 2025 directs administrators to apply the listed service releases that correct the filename validation issue in both supported branches. The associated EPSS score remains at 0.0258 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-27288
Vulnerability details
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
- CWE(s): CWE-434
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct RCE via unrestricted file upload (CWE-434) in a remotely accessible management application matches exploitation of public-facing apps.
Mitigating Controls (NIST 800-53 r5)
Directly mandates timely remediation of the specific filename validation flaw via patching Ivanti Endpoint Manager to fixed versions.
Requires validation of information inputs such as filenames to prevent exploitation of insufficient filename checks leading to RCE.
Enables identification of this CVE through vulnerability scanning, facilitating prompt patching and risk mitigation.