
Ivanti fixed two EPMM flaws exploited in limited attacks

  • May 14, 2025

Jasper_The_Rasper
Moderator

May 14, 2025 By Pierluigi Paganini

 

 

 

Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited attacks.

Ivanti has released security updates to address two vulnerabilities in Endpoint Manager Mobile (EPMM) software. The company confirmed that threat actors have chained the flaws in limited attacks to gain remote code execution.

The two vulnerabilities are tracked as CVE-2025-4427 and CVE-2025-4428; their descriptions are below:

  • CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. 
  • CVE-2025-4428 (CVSS score: 7.2) – A remote code execution vulnerability in Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system. 

CERT-EU reported both vulnerabilities to the software firm.

The company confirmed that threat actors could chain the two vulnerabilities to achieve remote code execution without authentication.

 
