Ivanti and Zyxel Release Urgent Patches for Critical Vulnerabilities

Ivanti has rolled out crucial software updates aimed at mitigating multiple vulnerabilities in its Endpoint Manager (EPM) software, targeting a spectrum of security flaws that could potentially jeopardize user data and system integrity. Among these, a particularly severe deserialization of untrusted data vulnerability (CVE-2024-29847) stands out with a CVSS score of 10.0, indicating its critical nature and the potential for remote unauthenticated attackers to execute arbitrary code. This is a significant concern as such vulnerabilities can open the door for various forms of cyberattacks, from data breaches to system takeovers.

In addition to this critical flaw, Ivanti has also patched several unspecified SQL injection vulnerabilities (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34779, -34783, and -34785), each carrying a CVSS score of 9.1. These vulnerabilities are particularly menacing as they allow an authenticated attacker with administrative privileges to potentially execute remote code, thus gaining unauthorized access and control over affected systems. The vulnerable versions include EPM 2024 and 2022 SU5 and earlier, with the issues addressed in the newly released versions 2024 SU1 and 2022 SU6. Ivanti emphasizes the urgency of upgrading to these latest versions to mitigate risks.

Significance of Prompt Updates

The release of these software updates underscores the urgent need for organizations using Ivanti’s products to promptly upgrade to the latest versions to protect against these identified flaws. To date, Ivanti has confirmed that there have been no reports of active exploitation of these vulnerabilities in the wild. Nevertheless, the swift response to these issues highlights a proactive approach following the exploitation of zero-day vulnerabilities in Ivanti products, particularly by cyber espionage groups with ties to China. These groups’ activities underscore the increasingly sophisticated threats organizations face in today’s cybersecurity landscape.

Ivanti’s quick action in issuing these patches highlights the company’s commitment to its users’ security. In addition to releasing updates for EPM, Ivanti has rectified seven high-severity vulnerabilities in Ivanti Workspace Control (IWC) and Ivanti Cloud Service Appliance (CSA). To bolster its security posture, Ivanti has increased its internal scanning and manual testing protocols. Furthermore, the company has refined its responsible disclosure process, facilitating the increased identification and resolution of vulnerabilities. These measures are a testament to Ivanti’s dedication to fortifying its software and protecting its customers from evolving cyber threats.

Broader Cybersecurity Measures

Ivanti has released critical software updates to address multiple vulnerabilities in its Endpoint Manager (EPM) software. These updates target a variety of security flaws that could compromise user data and system integrity. Notably, a severe deserialization of untrusted data vulnerability (CVE-2024-29847) has been identified, with a maximum CVSS score of 10.0. This vulnerability is particularly dangerous as it allows remote unauthenticated attackers to execute arbitrary code, posing significant risks of data breaches and system takeovers.

Additionally, Ivanti has fixed several unspecified SQL injection vulnerabilities (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34779, -34783, and -34785), each with a CVSS score of 9.1. These SQL injection flaws are perilous because they enable an authenticated attacker with admin privileges to execute remote code, thereby gaining unauthorized access to systems. The affected versions include EPM 2024 and 2022 SU5 and earlier, with patches provided in versions 2024 SU1 and 2022 SU6. Ivanti stresses the urgency of upgrading to these latest versions to mitigate these serious security risks.

Explore more

Compliance Drives Regulated B2B Influencer Marketing in 2026

The shifting landscape of digital authority has fundamentally transformed how enterprise-level organizations engage with industry experts and thought leaders across global markets. As the professional world moves deeper into this period of technological saturation, the superficial tactics of the past have been replaced by a rigorous commitment to transparency and legal precision. In earlier years, the simple inclusion of a

Transforming Voice of the Customer Into Predictive Action

Corporate boardrooms often overflow with real-time dashboards and complex analytics, yet many organizations still find themselves blindsided by sudden shifts in customer loyalty and market demand. While the technology to capture feedback has become ubiquitous, the structural ability to interpret and act upon that data in a meaningful timeframe remains remarkably rare for the average enterprise. Most traditional systems are

How Will Databricks CustomerLake Redefine Agentic Marketing?

The ongoing evolution of the digital landscape has forced a radical reconsideration of how enterprises capture, process, and ultimately utilize the vast oceans of consumer data generated every second of the day. Modern marketing departments have long struggled with the paradox of having too much information but not enough actionable insight to drive meaningful consumer interactions in real time. The

How Can Small Banks Compete With Global Financial Giants?

Nikolai Braiden has seen the evolution of financial architecture from its early blockchain roots to the current wave of institutional modernization, and today he joins us to dissect a pivotal shift in venture capital. With BankTech Ventures recently deploying $15 million into AI and stablecoin solutions, the landscape for regional banking is undergoing a profound transformation. Braiden’s perspective as an

Bullski Presale Tops the List of Best Meme Coins for 2026

The current cryptocurrency market in 2026 has transitioned into a highly sophisticated arena where institutional standards and community-driven viral momentum converge to create unique financial opportunities. Investors are no longer satisfied with speculative assets lacking fundamental safeguards, leading to a significant shift toward projects that prioritize technical transparency and structured growth. In this evolving landscape, the Bullski presale has emerged