Ivanti Releases Security Patches Addressing EPMM Vulnerabilities Exploited in Targeted Remote Code Execution Attacks
Ivanti has issued crucial security updates aimed at mitigating two significant vulnerabilities identified in the Endpoint Manager Mobile (EPMM) software, which could potentially be exploited by attackers to achieve remote code execution.
The vulnerabilities are as follows:
– CVE-2025-4427 (CVSS score: 5.3) – This represents an authentication bypass issue within Ivanti Endpoint Manager Mobile, enabling unauthorized access to protected resources without appropriate credentials.
– CVE-2025-4428 (CVSS score: 7.2) – This is a remote code execution vulnerability that allows attackers to run arbitrary code on the compromised system.
An attacker could chain the two vulnerabilities to execute arbitrary code on affected devices without requiring authentication.
The following versions of the EPMM software are affected by these vulnerabilities:
– 11.12.0.4 and earlier (patched in version 11.12.0.5)
– 12.3.0.1 and earlier (patched in version 12.3.0.2)
– 12.4.0.1 and earlier (patched in version 12.4.0.2)
– 12.5.0.0 and earlier (patched in version 12.5.0.1)
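The list above is per release branch, so a single "older than X" comparison misclassifies builds: 12.3.0.2 is patched even though it sorts below 12.4.0.1. The following Python is an added example, not Ivanti tooling or code from the original article, that triages an inventory of on-premises EPMM version strings against that list. Assumptions: the release branch is the first three version fields, older branches missing from the list are treated as affected with no in-branch fix, and the host names and inventory are constructed.

```python
# First fixed build per release branch, copied from the affected-versions list above.
FIXED_BUILDS = {
    (11, 12, 0): (11, 12, 0, 5),
    (12, 3, 0): (12, 3, 0, 2),
    (12, 4, 0): (12, 4, 0, 2),
    (12, 5, 0): (12, 5, 0, 1),
}
NEWEST_FIX = max(FIXED_BUILDS.values())

def parse_version(text):
    """Turn '12.4.0.1' into (12, 4, 0, 1); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unexpected EPMM version string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(version_text):
    """Return (status, first_fixed_build_or_None) for one version string."""
    version = parse_version(version_text)
    fix = FIXED_BUILDS.get(version[:3])  # assumption: branch = first three fields
    if fix is not None:
        status = "patched" if version >= fix else "affected"
        return status, ".".join(map(str, fix))
    if version < NEWEST_FIX:
        # Unlisted older branch: "and earlier" covers it, no in-branch fix listed.
        return "affected", None
    return "not-listed", None  # newer than anything the article mentions

def triage_inventory(inventory):
    """Map host -> triage result; unparsable versions are flagged, not dropped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = triage(version_text)
        except ValueError:
            report[host] = ("unparsable", None)
    return report

# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "epmm-a": "12.3.0.2",       # patched, although numerically below 12.4.0.1
    "epmm-b": "12.4.0.1",       # affected, fixed in 12.4.0.2
    "epmm-c": "12.2.0.0",       # older branch with no listed fix
    "epmm-d": "12.5.0.1-beta",  # malformed string, flagged for manual review
}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE).items():
        print(host, *result)
```

Hosts reported as `not-listed` or `unparsable` need a manual check against the vendor advisory rather than being assumed safe.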
Ivanti acknowledged CERT-EU for reporting these vulnerabilities and indicated that there have been reports of a very limited number of customers potentially affected at the time of disclosure. Notably, the vulnerabilities are said to be associated with two open-source libraries integrated within EPMM; however, Ivanti has chosen not to disclose the names of these libraries or any other software applications that might be impacted. Furthermore, the company is actively investigating the circumstances surrounding the exploitation and has yet to establish reliable indicators of compromise related to this malicious activity.
Ivanti has assured customers that the risk of exploitation is considerably reduced for those who utilize the built-in Portal ACLs functionality or employ an external web application firewall to filter API access. It is important to note that these issues only affect the on-premises EPMM product; they do not extend to Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or other Ivanti products.
In addition, Ivanti has released patches to rectify an authentication bypass vulnerability (CVE-2025-22462, CVSS score: 9.8) affecting on-premises versions of Neurons for ITSM. This flaw potentially allows remote unauthenticated attackers to gain administrative access to the system, although there is currently no evidence of exploitation in the wild.
Given the increasing prevalence of zero-day vulnerabilities in Ivanti products in recent years, it is crucial for users to promptly update their systems to the latest versions to ensure maximum protection against potential threats.