ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities
Briefly

"One of the flaws allows local attackers to elevate their privileges and was reported to Ivanti in November 2024. The remaining 12 lead to remote code execution (RCE) and were reported in June 2025. While the vulnerabilities are technically not zero-days, ZDI flags all of the unpatched flaws it discloses as '0day'. ZDI's advisories name the vulnerable component and provide a general description of the root cause, but do not contain any other technical details."
"No CVE identifier has been issued for these vulnerabilities, but ZDI notes that all of them are high-severity defects. The most severe of them has a CVSS score of 8.8, one has a CVSS score of 7.8, while the remaining 11 have CVSS scores of 7.2. According to ZDI, the local privilege escalation bug affects the Endpoint Manager's AgentPortal service. It exists because user-supplied input is not properly validated, resulting in deserialization of untrusted data and code execution with System privileges."
Trend Micro's Zero Day Initiative published 13 advisories describing unpatched vulnerabilities in Ivanti Endpoint Manager. One flaw permits local attackers to elevate privileges via the AgentPortal service through deserialization of untrusted data leading to System-level code execution. Twelve flaws enable remote code execution in multiple classes and methods including Report_RunPatch, MP_Report_Run2, DBDR, PatchHistory, MP_QueryDetail2, MP_QueryDetail, MP_VistaReport, Report_Run, GetCountForQuery, and OnSaveToDB. No CVE identifiers exist and ZDI labels all as '0day' while rating them high severity; CVSS scores range from 7.2 to 8.8. Authentication is required for most exploits; the most severe can be triggered with admin credentials or user interaction.
Read at SecurityWeek