Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 31, 2025

CVE-2024-13161

High
EPSS 92.6%CISA KEV
Ivanti/Endpoint Manager (EPM)

Description

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

EPSS — Exploit Probability

92.6%

Higher than 99.7% of all CVEs

Required Action

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13161

Related Articles (1)

Malware & Threats

CISA: Recently patched Ivanti EPM flaw now actively exploited

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

Mar 10, 2026

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
92.6%
CISA KEV
Yes
Ransomware
Unknown
Articles
1

Timeline

Published

Mar 10, 2025

Added to KEV

Mar 10, 2025

Remediation Due

Mar 31, 2025

Affected Product

Ivanti

Endpoint Manager (EPM)

View all Ivanti CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE