On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM):
CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications, and content. CVE-2025-4427 is an authentication bypass vulnerability with a CVSS rating of 5.3 (Medium). CVE-2025-4428 is an authenticated remote code execution (RCE) vulnerability with a CVSS rating of 7.2 (High). By chaining the medium-severity authentication bypass (CVE-2025-4427), an unauthenticated attacker can reach a web API endpoint to inject server-side template patterns and exploit the high-severity vulnerability (CVE-2025-4428).
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- ConnectWise rotating code signing certificates due to security concerns
June 9, 2025
ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions. In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue ...
- Fortinet Flaws Exploited by Qilin Ransomware
June 8, 2025
Fortinet was recently found to have certain vulnerabilities that hackers like the Qilin group exploited. Here’s how they manipulated these weaknesses: Misconfigurations in security appliances provided a direct entry point for Qilin.Outdated Software: Failure to update Fortinet software allowed the ransomware to exploit known vulnerabilities. Qilin also employs social engineering tactics to gain unauthorized access: Phishing Attacks: Targeting employees ...
- Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
June 6, 2025
The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed ...
- Cisco Releases Security Advisory Affecting Cisco Identity Service Engine
June 5, 2025
Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks. CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded ...
- Roundcube Releases Security Updates for Webmail
June 4, 2025
Roundcube has released versions 1.6.11 and 1.5.10 for its Webmail product. The updated versions address a critical severity vulnerability in the Webmail product. CVE-2025-49113 has a CVSSv3 score of 9.9 and is a “deserialisation of untrusted data” vulnerability. An authenticated remote attacker could exploit this vulnerability to achieve remote code execution. Read more… Source: NHS Digital Sign up for ...
- Android chipmaker Qualcomm fixes three zero-days exploited by hackers
June 3, 2025
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.” According to ...

