CVE-2025-4427

Published May 13, 2025

Last updated 24 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.

Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Exploit added on: May 19, 2025
Exploit action due: Jun 9, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-288

Social media

Hype score
Not currently trending
  1. [MBSD-SOC Detection Trend Topics] We have published the #MBSD #SOC detection trend topics for May 2025. This month, we newly observed attacks targeting the Ivanti Endpoint Manager Mobile vulnerabilities (CVE-2025-4427, CVE-2025-4428). ▼For details

    @mbsdnews

    13 Jun 2025

    45 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  2. Attackers target critical infrastructure with Ivanti vulnerabilities. A cyber-espionage group presumably linked to China exploited two recent vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Ivanti vulnerability CV

    @linuxmint_hun

    2 Jun 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA KEV alert 25/05/19: Ivanti EPMM vulnerabilities CVE-2025-4427/4428 added https://t.co/OSaYfwXYmm The Ivanti EPMM vulnerabilities CVE-2025-4427/4428 have been added to CISA KEV. Teams using this product should take great care.

    @iototsecnews

    2 Jun 2025

    86 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    1 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/3Xp01PEtXf

    @_r_netsec

    1 Jun 2025

    902 Impressions

    0 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    1 Jun 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. A China-nexus group is actively exploiting critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to remotely execute code and exfiltrate data, deploying KrustyLoader malware via AWS S3 buckets across global sectors. 🚨 #Ivanti #KrustyLoader https://t.co/pCmtCPEz6y

    @TweetThreatNews

    30 May 2025

    78 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    28 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Looking through a long list of vulnerable Ivanti devices, trying to find out if a customer is listed and how to reach someone on the other side to inform them about exposed Ivanti EPMM services affected by RCEs tracked as CVE-2025-4427 and CVE-2025-4428. It affects every sector:

    @cyb3rops

    26 May 2025

    19210 Impressions

    17 Retweets

    74 Likes

    31 Bookmarks

    4 Replies

    1 Quote

  10. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    26 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

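  11. The China-linked hacker group UNC5221 is exploiting the Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to launch attacks targeting sectors such as healthcare, telecommunications, finance and defense. It uses KrustyLoader and Sliver to establish persistent access and steal sensitive data. Companies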

    @01ra66it

    25 May 2025

    1734 Impressions

    7 Retweets

    24 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  12. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    25 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2025-4427 & CVE-2025-4428 : Live Forensic Collection from Ivanti EPMM Appliances https://t.co/JdtrsTg8PP

    @freedomhack101

    24 May 2025

    64 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been exploiting zero-days in ed

    @cybertzar

    24 May 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/qytojl3kAT https://t.co/JCNZ4Dbbcz

    @IT_Peurico

    23 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🕵️‍♂️ Chinese Spies Exploit Ivanti Flaws Across Critical Sectors UNC5221 hits gov, healthcare & finance using Ivanti RCE bugs (CVE-2025-4427/4428). Patch now—exploits are live. https://t.co/3h1kL1dIR6 #CyberEspionage #Ivanti #UNC5221 #APT #Infosec https://t.co

    @dCypherIO

    23 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. The China-linked cyber-espionage group UNC5221 is exploiting the Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities (CVE-2025-4427 and 4428) to attack critical sectors in Europe, North America and Asia-Pacific.

    @yousukezan

    23 May 2025

    2054 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. China-linked group UNC5221 is exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 & CVE-2025-4428 to target organizations in Europe & North America. Immediate patching is crucial. 🚨 #CyberThreat #IvantiVulns #US https://t.co/TLR6tQobQe

    @TweetThreatNews

    23 May 2025

    88 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4427 #Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability https://t.co/EBDlahs5wv

    @ScyScan

    22 May 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Security Bulletin: Critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) are being actively exploited for unauthenticated RCE. Patch now to versions 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1. #ThreatIntel #RedLeggCTI #Ivanti EPMM https://t.co/2npCLP8IyP

    @RedLegg

    22 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/bUAYNdljdQ https://t.co/BMqr2Poz0u

    @secharvesterx

    22 May 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Chinese-linked hackers exploited patched Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to target global enterprises, deploying sophisticated malware like KrustyLoader and Auto-Color Linux backdoors. ⚠️ #CyberAttack #China #KrustyLoader https://t.co/ccC8GX3YSi

    @TweetThreatNews

    22 May 2025

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CVE-2025-4427 & 4428 in Ivanti EPMM are being exploited by Chinese APT UNC5221. Flaws allow unauthenticated RCE across key sectors. Malware: KrustyLoader, Sliver. Patch now. #Ivanti #CVE2025 #ZeroDay #CyberSecurity #UNC5221 #PatchNow #InfoSec https://t.co/DDNcBEVKS4

    @CloneSystemsInc

    22 May 2025

    66 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    22 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including

    @ProferoSec

    22 May 2025

    247 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including

    @ProferoSec

    22 May 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 📌 Chinese hackers exploited vulnerabilities in the Ivanti Endpoint Manager Mobile (EPMM) software to launch attacks on various sectors in Europe, North America and the Asia-Pacific region. The two vulnerabilities,

    @Cybercachear

    22 May 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors. Full report → https://t.co/XldtbDhTcb... https://t.co/PoDZgnQUNh

    @IT_news_for_all

    22 May 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors. Full report → https://t.co/t1DDUtcNV3

    @TheHackersNews

    22 May 2025

    8939 Impressions

    19 Retweets

    44 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 New Wiz research: Active exploitation of Ivanti EPMM flaws (CVE-2025-4427 & 4428) enables RCE in the wild. Cloud systems are at risk; patch now. Wiz customers can find pre-built detection queries in the Threat Intelligence Center. Full details 👉 https://t.co/WeTY1u

    @wiz_io

    22 May 2025

    798 Impressions

    3 Retweets

    16 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Actively exploited CVE : CVE-2025-4427

    @transilienceai

    22 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. 🛡️ Ivanti Flaws Under Attack—RCE Chain Targets Unpatched Systems CVE-2025-4427 + 4428 enable unauth RCE on Ivanti EPMM. Exploits dropped May 16—patch now or risk Sliver beacons! https://t.co/lRPEDCajqb #Ivanti #Cybersecurity #RCE #Infosec https://t.co/stpBZwJVDS

    @dCypherIO

    21 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/avxFH9RjK7 https://t.co/eVXutALGXS

    @IT_Peurico

    21 May 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Ivanti EPMM is impacted by chained CVE-2025-4427 & CVE-2025-4428 flaws, enabling unauthenticated remote code execution—being actively exploited in the wild. A critical risk for versions up to 12.4.0.1. ⚠️ #IvantiEPMM #Vulnerabilities #CyberUK https://t.co/1AbtNOeIfC

    @TweetThreatNews

    21 May 2025

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 CISA added Ivanti's EPMM Zero Day Vulnerabilities CVE-2025-4427 and CVE-2025-4428 as KEV. #ivanti https://t.co/hUCf4CE0hk

    @CSec88

    20 May 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. 🚨 CVE Alert: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4427 (CVSS 5.3/10) Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability Impact: A successful exploit may allo

    @CyberxtronTech

    20 May 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4427 #Ivanti #Endpoint Manager #Mobile (#EPMM) #Authentication #Bypass #Vulnerability https://t.co/EBDlahsDm3

    @ScyScan

    20 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote code execution, warns watchTowr. https://t.co/fHaZcJIdMB

    @blackwired32799

    20 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. In Ivanti's mobile device management software "Endpoint Mobile Manager (EPMM)", medium- and high-risk vulnerabilities (CVE-2025-4427 and CVE-2025-4428) were exploited in combination, and some users were hacked. As a result of this

    @yousukezan

    19 May 2025

    633 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

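  40. Latest cybersecurity analysis: Ivanti's critical zero-day vulnerabilities (CVE-2025-4427/4428) are being actively exploited. Real attacks are under way following a surge in scanning activity in May. Immediate patching is required. Details: https://t.co/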

    @elodian_ni26490

    19 May 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Heads up! Two Ivanti EPMM vulnerabilities, CVE-2025-4427 & CVE-2025-4428, can be chained for unauthenticated RCE. With exploits happening in the wild, proactively defend against potential threats using a new Sigma rule from SOC Prime Platform. https://t.co/EWiEIGp4oL

    @SOC_Prime

    19 May 2025

    217 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    17 May 2025

    147 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Two critical Ivanti zero-days (CVE-2025-4427 + CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. Immediate patching is required. Get more details here ⬇️ https://t.co/B06owv29HR #ZeroDay #CyberSecurity #threatintel

    @GreyNoiseIO

    16 May 2025

    4266 Impressions

    36 Retweets

    49 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  44. On 5/13/25, #Ivanti disclosed 2 new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 & CVE-2025-4428. The vulnerabilities allow for unauthenticated RCE when chained, and successful exploitation has been observed in the wild: https://t.co/xY

    @rapid7

    16 May 2025

    400 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  45. #CVE-2025-4427 GPT Deep Research is very useful https://t.co/xiZIcOLaBg

    @_r00tuser

    16 May 2025

    561 Impressions

    0 Retweets

    6 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  46. CVE-2025-4427/4428 : Ivanti EPMM Remote Code Execution - Technical Analysis https://t.co/dRMFN8bnxO @pdiscoveryio

    @tbbhunter

    16 May 2025

    716 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  47. GitHub - watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428 - https://t.co/kHnSap7txf

    @piedpiper1616

    16 May 2025

    966 Impressions

    6 Retweets

    20 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  48. Every security researcher knows the dance: satisfy every parameter, only to hit a 403 at the finish line. In our analysis of CVE-2025-4427 and 4428, that same flow led to unauthenticated RCE in Ivanti EPMM. Within 24 hours, we published a Nuclei template to detect the issue. htt

    @pdiscoveryio

    15 May 2025

    7923 Impressions

    15 Retweets

    75 Likes

    23 Bookmarks

    1 Reply

    1 Quote

  49. 🚨 CVE-2025-4427 - critical 🚨 Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution > An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to acce... 👾 https://t.co/1P5nxIED6s @pdnuclei #NucleiTemplat...

    @pdnuclei_bot

    15 May 2025

    1202 Impressions

    6 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  50. Expression payloads meet mayhem in this week's Ivanti EPMM vulnerabilities — CVE-2025-4427 and CVE-2025-4428 — chained to achieve unauth RCE. Beware - this is currently being exploited ITW! Enjoy our analysis. https://t.co/OQVc7vKdY4

    @watchtowrcyber

    15 May 2025

    21978 Impressions

    56 Retweets

    151 Likes

    39 Bookmarks

    1 Reply

    10 Quotes

Configurations