- Description
- OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
- Products
- endpoint_manager_mobile
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-78
- Hype score
- Not currently trending
**CVE-2025-10985** is a critical security flaw identified in Ivanti Endpoint Manager Mobile (EPMM) prior to versions 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability resides in the admin panel of the software, where an OS command injection flaw allows an authenticated attacker
@CveTodo
14 Oct 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10985 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to… https://t.co/x17BjL9vGr
@CVEnew
14 Oct 2025
211 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CCB657-0965-4842-B6BD-B7B2890DFB0B",
"versionEndExcluding": "12.4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395B1544-0C7B-4883-BA2D-772416DE26E5",
"versionEndExcluding": "12.5.0.4",
"versionStartIncluding": "12.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B20A3-676C-4ED2-B6A7-EEB2B537666C",
"versionEndExcluding": "12.6.0.2",
"versionStartIncluding": "12.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]