Ivanti has issued critical security patches for its Endpoint Manager Mobile (EPMM) product to address two recently discovered vulnerabilities—CVE-2025-4427 and CVE-2025-4428—one rated medium and the other high in severity. When exploited together, these flaws could allow unauthenticated remote code execution on affected systems.
Ivanti confirmed that a small number of customers have been impacted by these vulnerabilities prior to public disclosure.
Details of the Vulnerabilities
CVE-2025-4427: A medium-severity authentication bypass issue allowing attackers to gain unauthorized access to protected resources.
- CVSS Score: 5.3
- Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: 288
CVE-2025-4428: A high-severity remote code execution (RCE) flaw enabling attackers to run arbitrary code on target systems.
- CVSS Score: 7.2
- Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE: 94
The vulnerabilities were traced back to open-source libraries integrated into EPMM, not Ivanti’s proprietary code. Ivanti has emphasized that the use of open-source components is common industry practice and that enterprise-grade security tools are routinely used to manage associated risks.
Ivanti EPMM Impact
The following versions of EPMM are impacted:
- 11.12.0.4 and earlier
- 12.3.0.1 and earlier
- 12.4.0.1 and earlier
- 12.5.0.0 and earlier

The Shadowserver threat monitoring platform is currently tracking hundreds of Ivanti EPMM instances accessible online, with the highest concentrations found in Germany (992 instances) and the United States (418 instances).
Mitigation
Customers who cannot immediately upgrade are advised to limit API access using Ivanti’s Portal ACLs or an external Web Application Firewall (WAF). While effective, these mitigations may impact integrations, such as:
- Windows Device Registrations (Autopilot)
- Microsoft Device Compliance
- Graph API interactions
Ivanti also provides an RPM file for manual patching in certain cases. Customers requiring this workaround must open a support case to obtain the RPM and follow a CLI-based installation guide. The RPM has been tested on supported versions 12.3, 12.4, and 12.5.
For Reference: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US
