Ivanti security patch release for CVE-2025-13659
Security Patch Release
Summary
Hide ▲
Show ▼
Ivanti released security updates for Endpoint Manager to address three high-severity vulnerabilities, including two flaws that could enable unauthenticated code execution on unpatched systems. The bundle includes CVE-2025-13659 and CVE-2025-13662. Exploitation still requires user interaction and contact with an untrusted core server or untrusted configuration files.
Related Happenings
Citrix security patch release for CVE-2026-13474
Security Patch Release
H score35
First: 01.07.2026 06:54
Last: 01.07.2026 06:54
Sources 1
About this happening:
**Citrix** released security updates for **NetScaler ADC** and **NetScaler Gateway** to fix **six vulnerabilities** that could enable **arbitrary file reads** or **denial of servi...
Citrix security patch release for CVE-2026-13474
Security Patch ReleaseAbout this happening: **Citrix** released security updates for **NetScaler ADC** and **NetScaler Gateway** to fix **six vulnerabilities** that could enable **arbitrary file reads** or **denial of servi...
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Splunk Enterprise security update for CVE-2026-20253
Security Patch Release
H score52
First: 13.06.2026 16:23
Last: 13.06.2026 16:23
Sources 1
About this happening:
**Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Splunk Enterprise security update for CVE-2026-20253
Security Patch ReleaseAbout this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch Release
H score54
First: 10.06.2026 09:26
Last: 10.06.2026 09:26
Sources 1
About this happening:
**Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch ReleaseAbout this happening: **Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
Timeline
-
09.12.2025 19:10 2 articles · 7mo ago
Ivanti releases Endpoint Manager fixes for critical flaws
Mitigation Patch UpdateIvanti warned customers to patch CVE-2025-10573 in Endpoint Manager (EPM) and released security updates for three high-severity vulnerabilities, including CVE-2025-13659 and CVE-2025-13662, which could allow unauthenticated attackers to execute arbitrary JavaScript or arbitrary code on unpatched systems when user interaction and untrusted inputs are involved. Ivanti said CVE-2025-10573 is a stored XSS flaw in versions prior to 2024 SU4 SR1, that the vulnerabilities were disclosed through its responsible disclosure program, and that it has not found evidence of exploitation in attacks. Shadowserver was tracking hundreds of Internet-facing Ivanti EPM instances, including systems in the United States, Germany, and Japan.
Show sources
- Ivanti warns of critical Endpoint Manager code execution flaw — www.bleepingcomputer.com — 09.12.2025 19:10
- .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL — thehackernews.com — 10.12.2025 21:21