CVE-2025-13661

Publication date

2025-12-09 16:01:18

Family

ivanti

State

PUBLISHED

Description

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.