Ivanti has released an urgent security update to patch two newly discovered vulnerabilities in its Endpoint Manager Mobile (EPMM) software. The flaws have already been exploited in limited attacks, allowing threat actors to achieve remote code execution (RCE).
Overview of Ivanti EPMM Vulnerabilities and Their Exploitation
The two critical issues identified are:
- CVE-2025-4427 (CVSS Score: 5.3) is an authentication bypass flaw that lets attackers access protected resources without legitimate credentials.
- CVE-2025-4428 (CVSS Score: 7.2) is a remote code execution flaw that lets attackers run arbitrary code on affected systems.
The two flaws can be chained together in attacks against vulnerable environments.
Impacted Product Versions
The following EPMM versions are vulnerable:
- 11.12.0.4 and earlier (fixed in 11.12.0.5)
- 12.3.0.1 and earlier (fixed in 12.3.0.2)
- 12.4.0.1 and earlier (fixed in 12.4.0.2)
- 12.5.0.0 and earlier (fixed in 12.5.0.1)
Ivanti advises every user of these versions to update immediately to prevent possible compromise.
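A version check for the list above, as an added example that is not from Ivanti or the original article: it compares each appliance's version with the first fixed build of its release train. The hostnames and inventory are constructed sample data, and treating trains newer than 12.5.0.1 as patched is an assumption.

```python
import re

# First fixed build per release train, taken from the list in this article.
FIXED = [(11, 12, 0, 5), (12, 3, 0, 2), (12, 4, 0, 2), (12, 5, 0, 1)]
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", re.ASCII)

def parse(version):
    """Turn '12.4.0.1' into (12, 4, 0, 1); return None for anything else."""
    m = _VERSION.fullmatch(version.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def status(version):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    v = parse(version)
    if v is None:
        return "unknown"          # unparseable: needs a manual look
    for fixed in FIXED:
        if v[:3] == fixed[:3]:    # same release train as a listed fix
            return "patched" if v >= fixed else "vulnerable"
    if v > FIXED[-1]:
        # Assumption: trains newer than the last listed fix already include it.
        return "patched"
    # Unlisted older train: falls under an "and earlier" range with no fix
    # in that train, so it is reported as vulnerable.
    return "vulnerable"

def needs_action(inventory):
    """Hosts that are vulnerable or whose version could not be parsed."""
    return sorted(h for h, v in inventory.items() if status(v) != "patched")

# Constructed sample inventory (hostname -> reported EPMM version).
INVENTORY = {
    "epmm-eu-01": "11.12.0.4",
    "epmm-eu-02": "12.3.0.2",
    "epmm-us-01": "12.5.0.0",
    "epmm-us-02": "12.4.0.2",
    "epmm-lab": "12.2.0.0",
    "epmm-dr": "unknown-build",
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host:12} {ver:14} {status(ver)}")
```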
Ivanti’s Response and Mitigation Steps
The Ivanti EPMM vulnerabilities were reported by CERT-EU, and Ivanti acknowledged that a small number of customers were affected at the time of disclosure.
The issues are linked to two open-source libraries integrated into EPMM, though Ivanti has not publicly named them. It’s unknown whether other programs utilizing these libraries might also be exposed.
Ivanti advises reducing exposure by filtering access with either an external Web Application Firewall (WAF) or the built-in Portal ACLs (Access Control Lists). Only the on-premises EPMM product is impacted by this problem.
Cloud-based products such as Ivanti Sentry and Ivanti Neurons for MDM are unaffected.
Additional Patch for Ivanti Neurons
Ivanti has also patched another critical vulnerability:
CVE-2025-22462 (CVSS Score: 9.8): An authentication bypass in Neurons for ITSM (on-premises version) that lets remote attackers without credentials gain administrative access.
According to Ivanti, there is no evidence that this vulnerability is being exploited in the wild.
Final Thoughts and Recommendations
With zero-day vulnerabilities in Ivanti products catching the eye of threat actors lately, it’s essential for organizations to:
- Apply patches without delay
- Filter access via ACLs or WAF
- Monitor systems for unusual activity
Keeping software up to date and following security advisories is essential to protecting your infrastructure from new threats.
Welcome to Techzivo.com! I am Ahsan Ali, a professional technology enthusiast and web developer committed to delivering high-quality tech solutions. Through this platform, I provide insightful articles and innovative tools to enhance user experience and security. Dedicated to advancing the tech community, I invite you to explore my work and join me in this journey of technological excellence.