Ivanti Endpoint Manager Mobile exploit chain exploited in the wild


On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM):

CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications, and content. CVE-2025-4427 is an authentication bypass vulnerability with a CVSS rating of 5.3 (Medium). CVE-2025-4428 is an authenticated remote code execution (RCE) vulnerability with a CVSS rating of 7.2 (High). By chaining the medium-severity authentication bypass (CVE-2025-4427), an unauthenticated attacker can reach a web API endpoint to inject server-side template patterns and exploit the high-severity vulnerability (CVE-2025-4428).

Read more…
Source: Rapid7


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Patch Tuesday – December 2024

    December 10, 2024

    Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as ...

  • QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices

    December 10, 2024

    QNAP has released fixes for several vulnerabilities affecting the QTS and QuTS hero operating systems. In addition to the three high severity vulnerabilities below, the security advisory also addresses two medium severity vulnerabilities and three low severity vulnerabilities. QuTS is QNAP’s operating system for high-end enterprise NAS devices. Vulnerability Details CVE-2024-48865: An improper certificate validation vulnerability ...

  • Zyxel Releases Advisory for Exploited Vulnerability CVE-2024-11667

    December 2, 2024

    Zyxel has released a security advisory addressing recent targeting of its firewall products. Attackers have been observed exploiting vulnerabilities patched in September (see Cyber Alert CC-4541) and a previously undisclosed high severity vulnerability. CVE-2024-11667 is a path traversal vulnerability and has a CVSSv3 score of 7.5. If exploited, an attacker could download or upload files via ...

  • SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)

    November 27, 2024

    SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client. This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of ...

  • Update now – Apple confirms vulnerabilities are already being exploited

    November 20, 2024

    Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using ...

  • Sitting Duck Cyber Attacks – Warning Issued As Websites Targeted

    November 20, 2024

    A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts. The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber ...