Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
14 May 2025
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution.
The vulnerabilities in question are listed below -
CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials