PatchSiren cyber security CVE debrief
CVE-2024-13160 Ivanti CVE debrief
CVE-2024-13160 is a vendor-identified absolute path traversal issue in Ivanti Endpoint Manager (EPM) that CISA added to the Known Exploited Vulnerabilities catalog on 2025-03-10. Because CISA classifies it as known exploited, this should be treated as an urgent remediation item. The supplied corpus directs defenders to apply vendor mitigations per Ivanti's instructions, and to discontinue use of the product if mitigations are unavailable.
- Vendor
- Ivanti
- Product
- Endpoint Manager (EPM)
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2025-03-10
- Original CVE updated
- 2025-03-10
- Advisory published
- 2025-03-10
- Advisory updated
- 2025-03-10
Who should care
Ivanti Endpoint Manager (EPM) administrators, endpoint management and patch management teams, SOC and incident response staff, and anyone responsible for internet-facing or broadly deployed EPM instances.
Technical summary
The supplied sources identify CVE-2024-13160 as an absolute path traversal vulnerability in Ivanti Endpoint Manager (EPM). CISA's KEV entry marks the issue as known exploited and sets a remediation due date of 2025-03-31. The CISA metadata instructs organizations to apply mitigations per vendor guidance, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The corpus does not include a CVSS score, affected-version list, or patch bulletin, so deployment scope should be confirmed against Ivanti's advisory before and during remediation.
Defensive priority
Immediate / highest priority for any active Ivanti EPM deployment, especially if the service is reachable by untrusted users or supports sensitive endpoint-management operations.
Recommended defensive actions
- Inventory all Ivanti Endpoint Manager (EPM) deployments, including production, test, DR, and externally reachable instances.
- Review the Ivanti security advisory referenced by CISA and apply the vendor's mitigations or updates as directed.
- Treat remediation as urgent and align response with the CISA KEV due date in the supplied timeline (2025-03-31) or sooner.
- If the vendor cannot provide effective mitigations, follow CISA guidance to discontinue use of the product until risk is reduced.
- Review relevant application, authentication, and web access logs for unusual file/path access behavior associated with EPM services, and investigate suspicious activity.
- After remediation, verify that the affected EPM components are no longer exposed to untrusted users and that compensating controls are in place.
Evidence notes
This debrief is grounded in the supplied CISA KEV feed entry for CVE-2024-13160, which names the issue as an 'Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability' and marks it as known exploited. The feed metadata provides the due date, required action, vendor/product context, and notes a vendor advisory reference. No CVSS score, affected-version list, or patch-level details were included in the supplied corpus.
Official resources
-
CVE-2024-13160 CVE record
CVE.org
-
CVE-2024-13160 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
Public debrief based only on the supplied CISA KEV feed and official record links; no exploit code, proof-of-concept, or unsupported impact claims are included.