PatchSiren cyber security CVE debrief
CVE-2024-13159 Ivanti CVE debrief
CVE-2024-13159 is an Ivanti Endpoint Manager (EPM) absolute path traversal vulnerability. CISA added the issue to its Known Exploited Vulnerabilities (KEV) catalog on 2025-03-10, which means defenders should treat it as a high-priority remediation item. The public sources provided here do not include a CVSS score, and the most actionable guidance is to follow vendor mitigation instructions and, where applicable, CISA’s remediation guidance for KEV-listed vulnerabilities.
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-03-10
- Original CVE updated: 2025-03-10
- Advisory published: 2025-03-10
- Advisory updated: 2025-03-10
Who should care
Organizations running Ivanti Endpoint Manager (EPM), particularly the security and endpoint administration teams responsible for patching, mitigation tracking, and exposure reduction. It matters most in environments that rely on the product for enterprise endpoint management and for any teams subject to KEV-driven remediation requirements.
Technical summary
The vulnerability is identified as an absolute path traversal issue in Ivanti Endpoint Manager (EPM). The supplied sources do not provide exploit details, affected component internals, or a CVSS score, but CISA’s KEV listing confirms the issue is known to be exploited in the wild. The only confirmed public guidance in the supplied corpus is to apply mitigations per vendor instructions and to follow applicable CISA guidance if mitigations are not available.
Defensive priority
Urgent. KEV inclusion indicates confirmed real-world exploitation, and CISA assigned a remediation due date of 2025-03-31.
Recommended defensive actions
- Apply vendor-provided mitigations or updates for Ivanti Endpoint Manager (EPM) as soon as possible.
- Review Ivanti’s January 2025 EPM security advisory referenced by CISA for product-specific guidance.
- If you operate in an environment where it applies, follow CISA BOD 22-01 remediation requirements for cloud services.
- If effective mitigations are unavailable, consider discontinuing use of the product until a safe remediation path is available.
- Prioritize exposure inventory and verify whether any EPM instances are Internet-facing or otherwise reachable from untrusted networks.
- Track remediation status against the CISA KEV due date of 2025-03-31.
Evidence notes
The supplied corpus identifies CVE-2024-13159 as an Ivanti Endpoint Manager (EPM) absolute path traversal vulnerability and cites CISA’s Known Exploited Vulnerabilities catalog as the authoritative source. CISA metadata states the issue was added on 2025-03-10, with a remediation due date of 2025-03-31, and recommends applying vendor mitigations or discontinuing use if mitigations are unavailable. No CVSS score or deeper exploit narrative was included in the supplied sources.
Official resources
- CVE-2024-13159 CVE record (CVE.org)
- CVE-2024-13159 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
The CVE was published on 2025-03-10 and added to CISA KEV on the same date, with remediation due by 2025-03-31. This debrief uses only the supplied source corpus and official reference links.