CVE-2025-22458: DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
7.8
CVSS
Description
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
Classification
CVE ID: CVE-2025-22458
CVSS Base Severity: HIGH
CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-427 Uncontrolled Search Path ElementAffected Products
Vendor: Ivanti
Product: Endpoint Manager
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 8.67% (scored less or equal to compared to others)
EPSS Date: 2025-04-21 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-22458https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6