Critical Vulnerabilities in Ivanti Endpoint Management
Executive Summary
On October 7, 2025, the Zero Day Initiative (ZDI) by Trend Micro publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Management, including twelve remote code execution (RCE) flaws and one local privilege escalation bug. These issues were privately reported to Ivanti between November 2024 and June 2025 but were still unresolved when they were publicly disclosed. ZDI did not provide technical details or public proof-of-concept (PoC) exploit code but did list the vulnerable endpoints.
Ivanti Endpoint Management devices are deployed internet-facing by design and can provide attackers initial access into an organization's network. While at the time of writing there are no reports of these vulnerabilities being used in the wild, Beazley Security expects threat actors to analyze the reported vulnerable endpoints to reverse engineer the vulnerabilities and deploy their own weaponized exploits soon.
As of writing this advisory, no patches or mitigations have been released for any of the 13 vulnerabilities, and Beazley Security recommends affected organizations restrict access to their Ivanti Endpoint Management devices until fixes are available.
Affected Systems and Products
All thirteen vulnerabilities were reported to affect Ivanti Endpoint Manager appliances. At the time of writing, Ivanti had not released its own advisory or security patches, so all available versions of Endpoint Manager are affected.
Mitigations and Workarounds
No vendor mitigations or workarounds have been provided at time of writing, and Beazley Security recommends fully restricting access to affected devices until security fixes are available.
Patches
No vendor-provided patches were available at time of writing.
How Beazley Security is Responding
Beazley Security is monitoring client perimeter devices through our Exposure Management Platform to identify impacted devices and support organizations in remediation of any issues found.
We are also conducting threat hunts across our MDR environment to detect potential exploitation attempts against our clients.
If you believe your organization may have been impacted by this attack campaign and need support, please contact our Incident Response team.