What is CVE-2025-43716?

CVE-2025-43716 is a medium-severity vulnerability in Ivanti Landesk Management Suite, classified under CWE-180. CVSS score: 5.8/10. Published 2025-04-23.

How severe is CVE-2025-43716?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Ivanti Landesk Management Suite

CVE-2025-43716

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to vari…

EPSS: 0.003 (53.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N.

Affected products

Ivanti Landesk Management Suite — versions 0

Weakness classification (CWE)

CWE-180

References

forums.ivanti.com/s/article/Graphical-overview-of-the-LANDesk-Management-Gatewa…
medium.com/@0xbytehunter/discovery-of-path-traversal-vulnerability-in-landesk-m…

Frequently asked questions

What is CVE-2025-43716?: CVE-2025-43716 is a medium-severity vulnerability in Ivanti Landesk Management Suite, classified under CWE-180. CVSS score: 5.8/10. Published 2025-04-23.
How severe is CVE-2025-43716?: Medium severity. CVSS v3 base score is 5.8 out of 10.