Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.Referenceshttps://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024
