
Ivanti has released a security update to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been exploited in attacks to gain remote code execution.
The vulnerabilities in question are listed below –
CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile that allows attackers to access protected resources without proper credentials
CVE-2025-4428 (CVSS score: 7.2)

The flaws affect the following versions of the product –
11.12.0.4 and prior (fixed in 11.12.0.5)
12.3.0.1 and prior (fixed in 12.3.0.2)
12.4.0.1 and prior (fixed in 12.4.0.2)
12.5.0.0 and prior (fixed in 12.5.0.1)
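For triaging an inventory against the version list above, the following is an added example, not Ivanti's tooling or code from the original article. It assumes a build counts as patched only when it is at or above the fixed build of its own release train (major.minor), and that older trains without a listed fix fall under "and prior"; the hostnames are constructed.

```python
# Fixed builds per release train, taken from the version list in the article.
FIXED = {
    (11, 12): (11, 12, 0, 5),
    (12, 3): (12, 3, 0, 2),
    (12, 4): (12, 4, 0, 2),
    (12, 5): (12, 5, 0, 1),
}

def parse(version):
    """Turn '12.4.0.1' into (12, 4, 0, 1); short versions are zero-padded."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return parts + (0,) * (4 - len(parts))

def status(version):
    """Classify one EPMM version string against the listed fixed builds."""
    try:
        ver = parse(version)
    except ValueError:
        return "unknown"  # non-numeric or malformed string: check by hand
    train = ver[:2]
    if train in FIXED:
        # Compare only within the same train: 12.3.0.2 is patched even
        # though it sorts below the affected build 12.4.0.1.
        return "patched" if ver >= FIXED[train] else "affected"
    if train > max(FIXED):
        return "not-listed"  # newer than any train the article mentions
    # Assumption: an older train with no listed fix is covered by "and prior".
    return "affected"

def triage(inventory):
    """Map each host to its status; inventory is {hostname: version}."""
    return {host: status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames are hypothetical).
    sample = {
        "epmm-a.example.internal": "11.12.0.4",
        "epmm-b.example.internal": "12.3.0.2",
        "epmm-c.example.internal": "12.4.0.1",
        "epmm-d.example.internal": "12.2.1.0",
    }
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```
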
Ivanti credited CERT-EU for reporting the issues, but said it “recognizes a very limited number of customers that were exploited during disclosure,” and that the vulnerabilities were “related to two open source libraries integrated into EPMM.”
However, the company did not disclose the names of the affected libraries. It is also not known whether other software applications that rely on the two libraries may be affected. Additionally, the company is still investigating the cases and said it does not have reliable indicators of compromise related to the malicious activity.
“Already filtering access to the API using either the built-in Portal ACLs feature or an external web application firewall will significantly reduce the risk to customers,” Ivanti said.
“This issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based integrated endpoint management solution, Ivanti Sentry, or other Ivanti products.”

Separately, Ivanti has also shipped patches for an authentication bypass flaw in the on-premises version of Neurons for ITSM (CVE-2025-22462, CVSS score: 9.8). There is no evidence that the security flaw is being exploited in the wild.
With zero-days in Ivanti appliances becoming a lightning rod for threat actors in recent years, it is essential that users move quickly to update their instances to the latest version for optimal protection.