Ivanti Issues Patch for Critical EPMM Vulnerabilities Enabling Remote Code Execution

175/68 Thursday, May 15, 2025

Ivanti has issued an urgent security advisory urging customers to immediately update their Endpoint Manager Mobile (EPMM) software after discovering two critical vulnerabilities that can be chained together to allow unauthenticated remote code execution by attackers.

The first vulnerability, CVE-2025-4427, is an authentication bypass on the EPMM API that enables unauthorized access to sensitive information. The second, CVE-2025-4428, allows malicious code execution via specially crafted API requests targeting the EPMM system.

According to Ivanti, these vulnerabilities affect only on-premises versions of EPMM and do not impact other Ivanti solutions such as Ivanti Neurons for MDM or Ivanti Sentry. Customers are advised to upgrade to one of the following patched versions to mitigate the risk:

  • EPMM 11.12.0.5
  • EPMM 12.3.0.2
  • EPMM 12.4.0.2
  • EPMM 12.5.0.1
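
A fleet check against the patched builds listed above, as an added example that is not part of the original article or Ivanti's advisory. It assumes each patched build is the fix for its own major.minor release line and that versions are reported as four dot-separated numbers; the function names and the sample inventory are hypothetical.

```python
# Added example: patched builds copied from the list above.
PATCHED_BUILDS = ["11.12.0.5", "12.3.0.2", "12.4.0.2", "12.5.0.1"]


def parse_version(text):
    """Turn '12.4.0.1' into (12, 4, 0, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unexpected EPMM version string: {text!r}")
    return tuple(int(p) for p in parts)


# Assumption: each patched build is the fix for its own major.minor release line.
FIXED_BY_LINE = {parse_version(v)[:2]: parse_version(v) for v in PATCHED_BUILDS}


def classify(version_text):
    """Return 'patched', 'needs-update' or 'review' for one reported version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # unparseable report: check the host by hand
    fixed = FIXED_BY_LINE.get(version[:2])
    if fixed is None:
        return "review"  # release line has no build in the list above
    return "patched" if version >= fixed else "needs-update"


def triage(inventory):
    """Group hosts by status so unpatched and unknown hosts stand out."""
    groups = {"needs-update": [], "review": [], "patched": []}
    for host, version_text in inventory.items():
        groups[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "epmm-fra-01.example.internal": "12.4.0.1",
    "epmm-nyc-01.example.internal": "12.5.0.1",
    "epmm-lab-02.example.internal": "11.10.0.3",
    "epmm-dmz-03.example.internal": "12.3.0.2 ",
    "epmm-old-04.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" group run a release line with no build in the list above or reported an unparseable version, so they need a manual check rather than an automatic verdict.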

Although there are no confirmed indicators of compromise (IoCs) at this time, Ivanti recommends that customers contact support for additional mitigation guidance. Data from the Shadowserver Foundation indicates that hundreds of EPMM instances are publicly accessible online, with the highest concentrations in Germany and the United States.

Additionally, Ivanti has patched other products, including:

  • CVE-2025-22462 in Ivanti Neurons for ITSM, which could allow unauthenticated administrative access.
  • CVE-2025-22460, a default credentials issue in Ivanti Cloud Services Appliance (CSA), which may be exploited to escalate privileges.

Both the FBI and CISA have previously warned that Ivanti devices are frequent targets of advanced persistent threats (APTs) using zero-day exploits, reinforcing the urgency of applying patches promptly.

Source: https://www.bleepingcomputer.com/news/security/ivanti-fixes-epmm-zero-days-chained-in-code-execution-attacks/