CVE-2025-10573 — AI Deep Analysis Summary

🚨 **Essence**: Stored XSS in Ivanti Endpoint Manager (EPM). <br>💥 **Consequences**: Attackers inject malicious JS. Victims (admins) execute code unknowingly. Full system compromise possible.

🛡️ **Root Cause**: **CWE-79** (Stored Cross-Site Scripting). <br>⚠️ **Flaw**: Input validation failure. Unsanitized data stored and rendered in admin context.

📦 **Affected**: Ivanti Endpoint Manager (EPM). <br>📅 **Version**: Before **2024 SU4 SR1**. <br>🏢 **Vendor**: Ivanti (USA).

🕵️ **Hacker Actions**: Execute arbitrary JavaScript. <br>🔓 **Privileges**: As **Admin**. <br>📊 **Data**: Access sensitive endpoint management data. Session hijacking risk.

📉 **Threshold**: **Low**. <br>🔑 **Auth**: None required (PR:N). <br>👀 **UI**: User interaction needed (UI:R). <br>🌐 **Network**: Remote (AV:N).

💣 **Public Exp?**: **No**. <br>📂 **PoCs**: Empty list in data. <br>🌍 **Wild Exp**: Unconfirmed. Monitor for emergence.

🔍 **Self-Check**: Scan for EPM versions < 2024 SU4 SR1. <br>📝 **Features**: Check admin panels for input fields. <br>🛠️ **Tools**: Use XSS scanners on admin interfaces.

✅ **Fixed?**: **Yes**. <br>🩹 **Patch**: Upgrade to **2024 SU4 SR1** or later. <br>📢 **Source**: Ivanti Security Advisory (Dec 2025).

🚧 **No Patch?**: Implement WAF rules. <br>🧹 **Mitigation**: Sanitize inputs manually. <br>👁️ **Monitor**: Alert on admin session anomalies. Limit admin access.

🔥 **Urgency**: **HIGH**. <br>📈 **Priority**: Critical. <br>⚡ **Reason**: CVSS 8.0+. Remote, unauthenticated start. Admin impact. Patch immediately.