V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2025-6996
CVE
High

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local au…

CVSS
8.4
High
EPSS
0.00
p8
Published
2025-01-01
Updated
2025-01-01
Description

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

Tags · CWE
CWE-257
CAPEC-49
Affected products
Endpoint_manager < 2022Endpoint_manager
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: C
Changed (C)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.002 · p8
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-49 · CWE-257
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
endpoint_manager*Tracked
Source databases
CVE