Ivanti reports actively exploited EPMM flaws, urges immediate patching
Take action: If you are using Ivanti Endpoint Manager Mobile on premises, this is an URGENT advisory. Update your EPMM because it's already actively hacked, using flaws that are not even deemed critical. Just another reminder to always keep up with patches.
Learn More
Ivanti has issued an urgent security advisory warning customers to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities that are being actively chained together in attacks to achieve remote code execution.
Vulnerability summary
- CVE-2025-4427 (CVSS score 5.3) - Authentication bypass vulnerability in EPMM's API component - Allows attackers to access protected resources on vulnerable devices
- CVE-2025-4428 (CVSS score 7.2) - Remote code execution vulnerability - Enables threat actors to execute arbitrary code via maliciously crafted API requests
Both flaws are associated with open-source libraries used by EPMM. Ivanti has not disclosed the names of the open-source libraries involved, nor have they provided indicators of compromise as their investigation remains ongoing.
The vulnerabilities impact the on-premises version of Ivanti Endpoint Manager Mobile (formerly known as MobileIron Core). The company confirmed that a limited number of customers have already been affected by these exploits.
Ivanti has released security patches to address these vulnerabilities and strongly urges all customers using on-premises EPMM to update immediately to one of the following versions:
- Ivanti Endpoint Manager Mobile 11.12.0.5
- Ivanti Endpoint Manager Mobile 12.3.0.2
- Ivanti Endpoint Manager Mobile 12.4.0.2
- Ivanti Endpoint Manager Mobile 12.5.0.1
The company has mobilized additional support resources to assist customers with implementing these patches and addressing any concerns. Customers requiring assistance should contact Ivanti's Support Team through the company's Success portal.
