Ethical Hacking News
Ivanti has released critical security patches to address two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, CVE-2025-4427 and CVE-2025-4428. The patches are a result of a collaboration with CERT-EU and have been deemed necessary to mitigate the risk of remote code execution. To safeguard sensitive information, it is essential for organizations to prioritize cybersecurity and stay informed about emerging vulnerabilities.
Ivanti has released security patches to address two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software.
The patches mitigate the risk of remote code execution due to CVE-2025-4427 and CVE-2025-4428, which allow attackers to gain unauthorized access to protected resources without proper credentials.
The first vulnerability has a CVSS score of 5.3, while the second has a score of 7.2, denoting moderate and high severity respectively.
The patches apply to various versions of EPMM software, including 11.12.0.4 and prior, with fixed versions available in 11.12.0.5, 12.3.0.2, etc.
Customers can reduce the risk by filtering access to the API using built-in Portal ACLs functionality or an external web application firewall.
Ivanti Neurons for MDM, Ivanti Sentry, and other Ivanti products are not affected.
IT teams must update their instances to the latest versions to optimize protection against zero-day attacks and emerging vulnerabilities.
In a recent development that has sent shockwaves through the cybersecurity community, Ivanti, a leading provider of endpoint management solutions, has announced the release of security patches to address two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software. The patches, which have been deemed necessary to mitigate the risk of remote code execution, are a result of a collaboration between Ivanti and CERT-EU, a renowned European cybersecurity organization that specializes in identifying and reporting security flaws.
According to the latest intelligence from Ivanti, the two identified vulnerabilities, CVE-2025-4427 and CVE-2025-4428, have been chained together in attacks, allowing attackers to gain unauthorized access to protected resources without proper credentials. The first vulnerability, CVE-2025-4427, has an associated CVSS score of 5.3, indicating a moderate level of severity. This authentication bypass flaw in Ivanti Endpoint Manager Mobile allows attackers to bypass the normal security protocols and access sensitive information.
The second and more severe vulnerability, CVE-2025-4428, boasts an associated CVSS score of 7.2, denoting a high level of risk. This remote code execution vulnerability in Ivanti Endpoint Manager Mobile enables attackers to execute arbitrary code on the target system. The impact of this flaw is significant, as it can potentially allow attackers to perform actions that they might not be authorized to do.
The vulnerabilities identified by Ivanti affect various versions of its EPMM software, including 11.12.0.4 and prior (fixed in 11.12.0.5), 12.3.0.1 and prior (fixed in 12.3.0.2), 12.4.0.1 and prior (fixed in 12.4.0.2), and 12.5.0.0 and prior (fixed in 12.5.0.1). Ivanti has stated that it is aware of a very limited number of customers who have been exploited at the time of disclosure, but emphasized that the vulnerabilities are associated with two open-source libraries integrated into EPMM.
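One way to triage an inventory against the affected and fixed versions listed above, as an added example that is not code from Ivanti or from the original article. The hostnames and version strings in the sample inventory are constructed, and treating later builds within a listed branch as patched is an assumption.

```python
# Added example: triage EPMM versions against the fixed builds named in the article.
FIXED = {  # release branch (major, minor) -> first fixed build, as listed in the article
    (11, 12): (11, 12, 0, 5),
    (12, 3): (12, 3, 0, 2),
    (12, 4): (12, 4, 0, 2),
    (12, 5): (12, 5, 0, 1),
}

def parse_version(text):
    """Turn '12.4.0.1' into (12, 4, 0, 1); reject anything that is not four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised EPMM version: {text!r}")
    return tuple(int(p) for p in parts)

def fmt(version):
    return ".".join(str(n) for n in version)

def assess(version_text):
    """Return (status, fixed build to move to or None) for one version string."""
    v = parse_version(version_text)
    fix = FIXED.get(v[:2])
    if fix is not None:
        # Listed branch: assumed patched at or after that branch's fixed build.
        return ("patched", None) if v >= fix else ("affected", fmt(fix))
    later = sorted(f for f in FIXED.values() if f > v)
    if later:
        # Unlisted older branch: covered by "and prior"; suggest the next fixed build.
        return ("affected", fmt(later[0]))
    # Newer than every listed build: the article gives no data, so flag for review.
    return ("newer-than-listed", None)

def triage(inventory):
    """Map host -> (status, fix); unparsable versions are reported, never skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = assess(version_text)
        except ValueError:
            report[host] = ("unknown-version", None)
    return report

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = {"epmm-a.example": "11.12.0.4", "epmm-b.example": "12.4.0.2",
          "epmm-c.example": "12.2.1.0", "epmm-d.example": "12.5.0.0-beta"}

if __name__ == "__main__":
    for host, (status, fix) in triage(SAMPLE).items():
        print(f"{host:18} {status:18} {fix or '-'}")
```
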
Furthermore, Ivanti noted that the risk to its customers is significantly reduced if they filter access to the API using either the built-in Portal ACLs functionality or an external web application firewall. This advice underscores the importance of maintaining robust security protocols and up-to-date software in preventing such attacks.
It's also worth noting that this latest vulnerability update does not affect Ivanti Neurons for MDM, Ivanti Sentry, or any other Ivanti products. Additionally, Ivanti has shipped patches to contain an authentication bypass flaw in on-premise versions of Neurons for ITSM (CVE-2025-22462), which could allow a remote unauthenticated attacker to gain administrative access to the system.
As is often the case in recent years, zero-days in Ivanti appliances have become a lightning rod for threat actors. As such, it's imperative that users move quickly to update their instances to the latest versions for optimal protection against these threats.
The impact of this vulnerability update should not be underestimated. The constant evolution of cybersecurity threats and vulnerabilities necessitates vigilance and proactive measures from IT teams to safeguard sensitive information. By staying informed about emerging vulnerabilities and implementing timely patches, organizations can significantly reduce the risk of successful attacks.
In conclusion, Ivanti's latest security patch release highlights the ongoing importance of up-to-date software, robust security protocols, and vigilant IT teams in preventing sophisticated cyber threats. As threat actors continue to evolve their tactics, it is essential for organizations to prioritize cybersecurity and stay one step ahead by leveraging the latest patches and best practices.
Related Information:
https://www.ethicalhackingnews.com/articles/Ivanti-Patches-EPMM-Vulnerabilities-Exploited-for-Remote-Code-Execution-ehn.shtml
https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html
https://nvd.nist.gov/vuln/detail/CVE-2025-4427
https://www.cvedetails.com/cve/CVE-2025-4427/
https://nvd.nist.gov/vuln/detail/CVE-2025-4428
https://www.cvedetails.com/cve/CVE-2025-4428/
https://nvd.nist.gov/vuln/detail/CVE-2025-22462
https://www.cvedetails.com/cve/CVE-2025-22462/
Published: Wed May 14 01:13:25 2025 by llama3.2 3B Q4_K_M