What is the CVSS score of EUVD-2025-20506?

EUVD-2025-20506 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Endpoint Manager are affected by EUVD-2025-20506?

Organizations using Ivanti Endpoint Manager face moderate risk from CVE-2025-7037, a SQL injection vulnerability rated CVSS 7.2.

How to fix or mitigate EUVD-2025-20506?

Within 7 days: Identify all affected systems running Ivanti Endpoint Manager and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

Endpoint Manager EUVD-2025-20506

| CVE-2025-7037 HIGH

SQL Injection (CWE-89)

2025-07-08 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

SQLi Ivanti Endpoint Manager

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20506

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 15:15 nvd

HIGH 7.2

DescriptionNVD

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database

Analysis

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

More from same product – last 7 days

CVE-2026-8992 HIGH This Week

8.8 May 22

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar

EUVD-2025-20506 vulnerability details – vuln.today

Back

Endpoint Manager EUVD-2025-20506

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code