The U.S. Cybersecurity and Infrastructure Security Agency has added a newly disclosed vulnerability in Ivanti Endpoint Manager to its Known Exploited Vulnerabilities catalog after finding evidence that attackers are already using it in the wild. The designation signals that the flaw is not just theoretical and that organizations should treat it as an urgent security risk.

Ivanti Endpoint Manager is widely used by companies and public-sector networks to manage devices and software across large systems, which can make a weakness in the platform especially dangerous. Security officials said the active exploitation raises the likelihood of intrusion, data theft, and further compromise if administrators do not act quickly.

CISA’s update puts added pressure on affected organizations to review their deployments, apply available mitigations, and install vendor patches as soon as possible. The agency regularly maintains the catalog to help defenders prioritize vulnerabilities that are already being abused by threat actors.

The disclosure adds to a growing list of high-impact software flaws that cybersecurity teams must race to contain before attackers can expand their access. For network operators, the immediate priority is to identify exposed systems and reduce the chance of a broader breach.