Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-7037
CVE-2025-7037:
Ivanti Endpoint Manager vulnerability analysis and mitigation
Overview
A SQL injection vulnerability (CVE-2025-7037) was identified in Ivanti Endpoint Manager affecting versions before 2024 SU3 and 2022 SU8 Security Update 1. The vulnerability was disclosed on July 8, 2025, and was assigned by Ivanti as the CNA (CVE Numbering Authority) (NVD, CVE MITRE).
Technical details
The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). It received a CVSS v3.1 base score of 7.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high privileges required (NVD).
Impact
If exploited, the vulnerability allows a remote authenticated attacker with admin privileges to read arbitrary data from the database, potentially compromising sensitive information stored within the Ivanti Endpoint Manager system (NVD).
Mitigation and workarounds
Ivanti has released security updates to address this vulnerability. Users are advised to upgrade to version 2024 SU3 or 2022 SU8 Security Update 1 or later versions (Vendor Advisory).
Additional resources
Source: This report was generated using AI
Related Ivanti Endpoint Manager vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management