- Ivanti patched two flaws that were chained to mount RCE attacks
- A "limited number" of companies were reportedly compromised
- Only the on-premises product is affected
Ivanti has released a patch for two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which were reportedly chained together in remote code execution (RCE) attacks in the wild.
The vulnerabilities are tracked as CVE-2025-4427 and CVE-2025-4428. The first is an authentication bypass in the EPMM API that lets threat actors reach protected resources. It was assigned a medium severity score of 5.3.
The second is an RCE vulnerability exploited through maliciously crafted API requests. It received a high severity score (7.2/10).
Ivanti says it has seen the pair abused in attacks: "When chained together, successful exploitation could lead to unauthenticated remote code execution," the company said in a security advisory. "We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure."
To address the problem, users should install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2 or 12.5.0.1.
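An added inventory check, not from Ivanti or the source article: it compares a reported EPMM version against the fixed builds listed above, branch by branch, so a defender can triage a list of appliances quickly. Hostnames and version strings below are constructed; the assumptions that any later build in a fixed branch also carries the fix, and that branches without a listed fix should be treated as unpatched, are mine.

```python
"""Triage Ivanti EPMM versions against the fixed builds named for
CVE-2025-4427 / CVE-2025-4428 (11.12.0.5, 12.3.0.2, 12.4.0.2, 12.5.0.1)."""
from typing import Dict, List, Optional, Tuple

# Fixed builds from the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (11, 12): (11, 12, 0, 5),
    (12, 3): (12, 3, 0, 2),
    (12, 4): (12, 4, 0, 2),
    (12, 5): (12, 5, 0, 1),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '12.4.0.1' into (12, 4, 0, 1); shorter strings are zero-padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_patched(version_text: str) -> Optional[bool]:
    """True if the version is at or above its branch's fixed build, False if below,
    None if the branch has no listed fix (assumption: treat that as unpatched)."""
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return None
    return version >= fixed


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (hostname, version) pair to a status label for reporting."""
    result = {}
    for host, ver in inventory:
        state = is_patched(ver)
        if state is True:
            result[host] = "patched"
        elif state is False:
            result[host] = "vulnerable"
        else:
            result[host] = "no fix listed for branch, treat as vulnerable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("epmm-01.example", "12.5.0.1"),
              ("epmm-02.example", "12.4.0.1"),
              ("epmm-03.example", "11.10.0.3")]
    for host, status in triage(sample).items():
        print(host, status)
```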
"The issue only affects the on-premises EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti Sentry or any other Ivanti product," the company explained. "We urge all customers using the on-premises EPMM product to install the patch promptly."
Ivanti EPMM is a popular solution across industries including healthcare, education, logistics, manufacturing and government. According to Shadowserver, there are hundreds of instances exposed at this time, mainly in Germany (992), but with a significant number in the United States (418) as well.
Those who cannot apply the patch right away can implement workarounds. Ivanti said these users should follow its best practices guide or filter access to the API using the built-in Portal ACLs functionality or an external WAF. More details on using the Portal ACL functionality can be found here.
Via BleepingComputer