# CVE-2025-10573

> Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

- **CVSS:** 9.6 (CRITICAL)
- **EPSS:** 0.0%
- **CWE:** CWE-79

Canonical: https://intel.threadlinqs.com/cve/CVE-2025-10573
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp