CVE-2025-6996

High

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local…

ivanti·CWE-257·Published 2025-07-08

CVSS

8.4

EPSS

0.00

KEV

Exploits

cve.orgen

194 chars

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

NVDen

194 chars

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

El uso indebido del cifrado en el agente de Ivanti Endpoint Manager anterior a la versión 2024 SU3 y 2022 SU8 Security Update 1 permite que un atacante local autenticado descifre las contraseñas de otros usuarios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.4	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
3.1	Secondary	NVD	8.4	2.0	5.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N