Ivanti Releases Critical Security Updates to Address EPMM Vulnerabilities Exploited in Targeted Attacks

Ivanti has recently issued security patches to rectify two significant vulnerabilities in its Endpoint Manager Mobile (EPMM) software. These flaws have been exploited in limited attacks, allowing threat actors to achieve remote code execution on affected systems.

Details of the Vulnerabilities:

1. CVE-2025-4427: This vulnerability is an authentication bypass issue within Ivanti EPMM. It enables attackers to access protected resources without valid credentials. It carries a Common Vulnerability Scoring System (CVSS) score of 5.3, indicating a moderate severity level.

2. CVE-2025-4428: This is a remote code execution vulnerability in Ivanti EPMM. It allows attackers to execute arbitrary code on the target system. This flaw has a CVSS score of 7.2, reflecting a high severity level.

Affected Versions and Patch Information:

The vulnerabilities impact the following versions of Ivanti EPMM:

– Versions 11.12.0.4 and earlier (patched in version 11.12.0.5)

– Versions 12.3.0.1 and earlier (patched in version 12.3.0.2)

– Versions 12.4.0.1 and earlier (patched in version 12.4.0.2)

– Versions 12.5.0.0 and earlier (patched in version 12.5.0.1)
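
The version list above can be turned into a quick inventory check. The following is an added example, not code from Ivanti or from the original article: it assumes four-part numeric version strings and treats the first two components as the release train. The hostnames and inventory are constructed.

```python
# Added example: triage an inventory of EPMM versions against the fixed
# releases listed in this article. Hostnames and inventory are constructed.

# Fixed release per train, taken from the article's list.
FIXED = ["11.12.0.5", "12.3.0.2", "12.4.0.2", "12.5.0.1"]


def parse(version):
    """Turn '12.4.0.1' into (12, 4, 0, 1); reject anything non-numeric."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)


# Assumption: the first two components identify the release train.
FIXED_BY_TRAIN = {parse(v)[:2]: parse(v) for v in FIXED}
NEWEST_FIX = max(FIXED_BY_TRAIN.values())


def status(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    v = parse(version)
    fix = FIXED_BY_TRAIN.get(v[:2])
    if fix is not None:
        # Same train as a listed fix: compare within the train.
        return "patched" if v >= fix else "vulnerable"
    if v < NEWEST_FIX:
        # Older, unlisted train: covered by the "and earlier" wording.
        return "vulnerable"
    # Newer train than anything the article lists: check the vendor advisory.
    return "unknown"


def triage(inventory):
    """Map {host: version} to {host: status}; bad strings become 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = status(version)
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostnames are placeholders).
    sample = {"epmm-a.example": "12.4.0.1", "epmm-b.example": "12.5.0.1",
              "epmm-c.example": "12.2.1.0", "epmm-d.example": "12.6.0.0"}
    for host, state in triage(sample).items():
        print(f"{host}: {state}")
```

Versions on a release train newer than any listed here are reported as "unknown" rather than assumed safe, since the article does not cover them.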

Ivanti has acknowledged that a very limited number of customers had been exploited at the time of disclosure. The company attributes these vulnerabilities to two open-source libraries integrated into EPMM but has not disclosed the specific libraries involved. Consequently, other software applications relying on these libraries may also be affected.

Mitigation Measures:

To mitigate the risks associated with these vulnerabilities, Ivanti recommends the following actions:

– Apply the Patches Promptly: Users should update their EPMM instances to the latest versions as specified above to address the vulnerabilities.

– Implement Access Controls: Filtering access to the API using built-in Portal Access Control Lists (ACLs) functionality or an external web application firewall can significantly reduce the risk.

These issues affect only the on-premises EPMM product. Ivanti Neurons for MDM (Ivanti’s cloud-based unified endpoint management solution), Ivanti Sentry, and other Ivanti products are not impacted.

Additional Security Update:

In a related development, Ivanti has also released patches to address an authentication bypass flaw in on-premises versions of Neurons for IT Service Management (ITSM). This vulnerability, identified as CVE-2025-22462 with a CVSS score of 9.8, could allow a remote unauthenticated attacker to gain administrative access to the system. Currently, there is no evidence to suggest that this security defect has been exploited in the wild.

Context and Implications:

Ivanti appliances have become a focal point for threat actors exploiting zero-day vulnerabilities in recent years. For instance, in January 2025, Ivanti addressed four critical security flaws in its Endpoint Manager (EPM) software: CVE-2024-13159, CVE-2024-13160, CVE-2024-13161, and CVE-2024-10811. These vulnerabilities, with CVSS scores of 9.8, were rooted in absolute path traversal issues that allowed remote unauthenticated attackers to leak sensitive information. Horizon3.ai released technical details and proof-of-concept exploits for these flaws, emphasizing the need for prompt patching.

Furthermore, in March 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five security flaws impacting Advantive VeraCore and Ivanti EPM to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion was based on evidence of active exploitation in the wild, underscoring the critical nature of these vulnerabilities.

Given this backdrop, it is imperative for organizations utilizing Ivanti products to remain vigilant. Regularly updating software, implementing robust access controls, and monitoring for unusual activity are essential steps to safeguard systems against potential exploits.

Conclusion:

Ivanti’s recent security updates address critical vulnerabilities in its EPMM software that have been exploited in limited attacks. Organizations are urged to apply these patches promptly and implement recommended mitigation measures to protect their systems. Staying informed about emerging threats and maintaining a proactive security posture are crucial in the ever-evolving cybersecurity landscape.