Ivanti patches two 0-days and a critical make-me-admin bug
- In May 2025, Ivanti issued patches to resolve two critical security flaws in its EPMM product that had been exploited in targeted attacks.
- The vulnerabilities, CVE-2025-4427 and CVE-2025-4428, allow attackers to bypass authentication and execute code remotely, posing a severe risk to affected organizations.
- The authentication bypass flaw has a CVSS score of 5.3, while the remote code execution flaw scores 7.2; chained together, they can give an unauthenticated attacker control of the system.
- Ivanti recommends upgrading to fixed EPMM versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1, and suggests API access filtering using Portal ACLs or external web application firewalls to mitigate risk.
- The incident highlights the importance of prompt patching and robust API controls for EPMM users, as the flaws have been exploited in a limited number of real-world attacks.
15 Articles
Multiple Ivanti Endpoint Manager Vulnerabilities Allows Remote Code Execution - Cybernoz - Cybersecurity News
Critical security flaws have been uncovered in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) solution, exposing organizations to the risk of unauthenticated remote code execution (RCE). The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, have been actively exploited in the wild, prompting urgent calls for patching from security agencies and Ivanti itself. Ivanti Endpoint Manager Vulnerabilities …


Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…
Ivanti Endpoint Manager Vulnerabilities Allow Unauthenticated Remote Code Execution
A critical vulnerability chain in Ivanti Endpoint Manager Mobile (EPMM) has exposed enterprise mobile device management systems to pre-authenticated remote code execution (RCE) attacks. The flaws, tracked as CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution), allow attackers to compromise systems without credentials by chaining these vulnerabilities. Security firm watchTowr Labs confirmed active exploitation attempts a…
Actively abused Ivanti EPMM zero-days fixed
SecurityWeek reports that updates have been issued by Ivanti to address a pair of zero-day vulnerabilities in its Endpoint Manager Mobile offering, which have been chained in ongoing attacks that were confirmed to have impacted very few of its customers.
Coverage Details
Bias Distribution
- 100% of the sources are Center