December 15, 2025
Summary
- New Rapid Response advisory and queries for Ivanti Endpoint Manager Stored XSS Vulnerability [CVE-2025-10573].
- New software fingerprints for n8n servers and Apache Tika servers.
- New ASM risk fingerprints for Fortinet products vulnerable to CVE-2025-59718 and CVE-2025-59719 and Ivanti Endpoint Manager instances vulnerable to CVE-2025-10573.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issue.
- Ivanti Endpoint Manager Stored XSS Vulnerability [CVE-2025-10573]
  - The following queries can be used to identify exposed Ivanti EPM instances.
  - The following queries can be used to identify exposed and vulnerable Ivanti EPM instances.
New fingerprints
Added the following fingerprints.
| Type | Name | Description | Query |
|---|---|---|---|
| software | n8n Server | This is an n8n Server, an open-source workflow automation platform with AI integration. | Platform query |
| software | Apache Tika | This is an Apache Tika Server, a content analysis toolkit. | Platform query |
| risk | Vulnerable Ivanti Endpoint Manager [CVE-2025-10573] | This is a service running a version of Ivanti Endpoint Manager vulnerable to CVE-2025-10573, a critical Stored Cross-Site Scripting (XSS) vulnerability that allows a remote unauthenticated attacker to execute JavaScript in the context of an administrator's browser session, potentially leading to session hijacking and unauthorized administrative actions. | ASM query: |
| risk | Vulnerable Fortinet Products [CVE-2025-59718, CVE-2025-59719] | This is a Fortinet FortiOS device running a version that is vulnerable to CVE-2025-59718 and CVE-2025-59719, an Improper Verification of Cryptographic Signature vulnerability [CWE-347] that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device. | ASM query: |
