Ivanti Security Advisory: Critical Vulnerabilities in Endpoint Manager Mobile (EPMM) Addressed

This heading succinctly captures the essence of the content, highlighting the focus on security vulnerabilities and the specific software affected.

Ivanti Issues Urgent Security Patches for Endpoint Manager Mobile Vulnerabilities

In a critical move to safeguard enterprise systems, Ivanti has released security patches addressing two significant vulnerabilities in its Endpoint Manager Mobile (EPMM) software. Identified as CVE-2025-4427 and CVE-2025-4428, these flaws have been actively exploited in limited attacks, raising alarms among organizations relying on the software.

CVE-2025-4427, with a CVSS score of 5.3, allows attackers to bypass authentication mechanisms, granting unauthorized access to protected resources. More alarmingly, CVE-2025-4428, rated at a severe 7.2, enables remote code execution, potentially allowing attackers to take full control of affected systems.

When exploited together, these vulnerabilities pose a grave risk, as they enable attackers to execute arbitrary code without authentication. Ivanti’s May 2025 advisory highlighted the urgency of these issues, noting that a limited number of cases had already been reported.

The vulnerabilities affect several versions of EPMM, specifically versions 11.12.0.4 and earlier, along with all 12.3.0.1, 12.4.0.1, and 12.5.0.0 versions. Organizations are strongly urged to upgrade to the patched versions—11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1—to mitigate the risks.

For those unable to upgrade immediately, Ivanti recommends implementing security measures such as filtering API access using built-in Portal ACLs or deploying an external Web Application Firewall (WAF). However, these measures may have limitations, particularly in dynamic environments.

As cyber threats continue to evolve, organizations must remain vigilant, promptly applying security patches and adhering to best practices to protect their systems from potential exploitation.