Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Published: 2025-12-09
CVSS: 9.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Download Exploit for CVE-2025-10573 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-55-cve-2024-45801/
https://augustaverburg.nl/exploit-367-cve-2025-66293/
https://augustaverburg.nl/exploit-203-cve-2013-3897/
https://augustaverburg.nl/exploit-370-cve-2023-32681/