CVE-2025-10986: 
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation

Path traversal vulnerability (CVE-2025-10986) was discovered in the admin panel of Ivanti Endpoint Manager Mobile (EPMM) affecting versions before 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability was disclosed on October 14, 2025, and allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk (NVD).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received a CVSS v3.1 base score of 4.7 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) from the vendor. The National Vulnerability Database (NVD) assessed it with a slightly higher CVSS score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L) (NVD).

The vulnerability allows authenticated administrators to write data in unintended locations on disk, potentially leading to system compromise. The impact is considered medium severity due to the requirement of administrative privileges, but could result in unauthorized data manipulation and partial system availability issues (CIS Advisory).

Ivanti has released security updates to address this vulnerability. Organizations should upgrade to EPMM version 12.6.0.2, 12.5.0.4, or 12.4.0.4 or later versions. The vendor recommends immediate patching after appropriate testing (CIS Advisory).