AI description
CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.
- Description
- An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-288
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2025
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical Ivanti zero-days (CVE-2025-4427 + CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. Immediate patching is required. Get more details here ⬇️ https://t.co/B06owv29HR #ZeroDay #CyberSecurity #threatintel
@GreyNoiseIO
16 May 2025
4266 Impressions
36 Retweets
49 Likes
8 Bookmarks
0 Replies
0 Quotes
On 5/13/25, #Ivanti disclosed 2 new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 & CVE-2025-4428. The vulnerabilities allow for unauthenticated RCE when chained, and successful exploitation has been observed in the wild: https://t.co/xY
@rapid7
16 May 2025
400 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
#CVE-2025-4427 GPT 深度研究非常好用 https://t.co/xiZIcOLaBg
@_r00tuser
16 May 2025
561 Impressions
0 Retweets
6 Likes
4 Bookmarks
1 Reply
0 Quotes
CVE-2025-4427/4428 : Ivanti EPMM Remote Code Execution - Technical Analysis https://t.co/dRMFN8bnxO @pdiscoveryio
@tbbhunter
16 May 2025
716 Impressions
2 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
GitHub - watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428 - https://t.co/kHnSap7txf
@piedpiper1616
16 May 2025
966 Impressions
6 Retweets
20 Likes
2 Bookmarks
0 Replies
0 Quotes
Every security researcher knows the dance: satisfy every parameter, only to hit a 403 at the finish line. In our analysis of CVE-2025-4427 and 4428, that same flow led to unauthenticated RCE in Ivanti EPMM. Within 24 hours, we published a Nuclei template to detect the issue. htt
@pdiscoveryio
15 May 2025
7923 Impressions
15 Retweets
75 Likes
23 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-4427 - critical 🚨 Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution > An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to acce... 👾 https://t.co/1P5nxIED6s @pdnuclei #NucleiTemplat...
@pdnuclei_bot
15 May 2025
1202 Impressions
6 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
Expression payloads meet mayhem in this week's Ivanti EPMM vulnerabilities — CVE-2025-4427 and CVE-2025-4428 — chained to achieve unauth RCE. Beware - this is currently being exploited ITW! Enjoy our analysis. https://t.co/OQVc7vKdY4
@watchtowrcyber
15 May 2025
21978 Impressions
56 Retweets
151 Likes
39 Bookmarks
1 Reply
10 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/w74Ihm9Lbj https://t.co/lNQWCvo9iA
@ggrubamn
15 May 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/lmCe920EBK https://t.co/XDa8gzxoBZ
@secured_cyber
15 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/US4UBhdp7A https://t.co/woCiMo4rdo
@pcasano
15 May 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Ivanti has released patches for critical vulnerabilities in Endpoint Manager Mobile (CVE-2025-4427 & CVE-2025-4428) that enabled remote code execution and auth bypass. Affected versions: 11.12.0.4 & earlier. Stay protected! 🔒 #Infosec #Updates #UK https://t.co/Z7nnAlKk
@TweetThreatNews
15 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/uO3IVkUkzq https://t.co/yl0W9he9r1
@PintoriAlice
15 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
注意喚起: Ivanti Endpoint Manager Mobile(EPMM)の脆弱性(CVE-2025-4427、CVE-2025-4428)に関する注意喚起 (公開) https://t.co/GBFXfMCCfz
@AileenWoodstock
15 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
統合版 JPCERT/CC | 注意喚起: Ivanti Endpoint Manager Mobile(EPMM)の脆弱性(CVE-2025-4427、CVE-2025-4428)に関する注意喚起 (公開) https://t.co/3oEZ0PUugy #itsec_jp
@itsec_jp
15 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Ivanti fixes two vulnerabilities in EPMM exploited in limited attacks. CVE-2025-4427 allows remote code execution. Security updates released. #CyberSecurity #Vulnerability https://t.co/G7NVd7jGKx https://t.co/zvD2yIzWMG
@CyberHub_blog
14 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Ivanti Patches 2 Actively Exploited Zero-Days Ivanti fixed EPMM flaws CVE-2025-4427/4428 enabling remote code execution. Attacks confirmed—patch now & filter API access. https://t.co/mswx0DlhIR #Ivanti #ZeroDay #CyberSecurity https://t.co/4SfBRVzdig
@dCypherIO
14 May 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti has released patches for two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software: CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution). https://t.co/honmMCMwav
@securityRSS
14 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Alerte CERT-FR⚠️ Les vulnérabilités CVE-2025-4427 et CVE-2025-4428 permettent à un attaquant non authentifié d'exécuter du code arbitraire à distance dans lvanti EPMM. Elles sont activement exploitées. https://t.co/B814hlKs36
@CERT_FR
14 May 2025
7539 Impressions
8 Retweets
20 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/drZpY4xNXo https://t.co/ZOBybeSSeW
@Art_Capella
14 May 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-4427:An authentication bypass in the API component of Ivanti Endpoint Manager Mobile CVE-2025-4428:Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 📊740.6K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter https
@HunterMapping
14 May 2025
2395 Impressions
15 Retweets
41 Likes
17 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Exploited #Ivanti: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2025-4427 e CVE-2025-4428 per il prodotto #EPMM Rischio: 🔴 Tra le tipologie: 🔸 Remote Code Execution 🔗 https://t.co/EnZRxOE0pV ⚠ Importante aggiornar… https://t.
@Vulcanux_
14 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/jh2GuFk8h3 https://t.co/F23qbVTArF
@Trej0Jass
14 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Shadowserver has identified thousands of Ivanti EPMM instances exposed online with zero-day CVE-2025-4427and CVE-2025-4428. 🇩🇪 Germany: 992 🇺🇸 USA: 418 ⚠️ Patch immediately to prevent exploitation. #ZeroDay #Ivanti #CyberSecurity #InfoSec https://t.co/UW0cO
@CSec88
14 May 2025
153 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Another Ivanti exploit ALERT! Attackers are chaining two new flaws (CVE-2025-4427, 4428) for remote code execution on vulnerable EPMM versions. — Risk: Auth bypass ➕ RCE — Exploited: Yes (limited cases) ⚠️ Act fast—patch now / read more: https://t.co/n6McffZBX
@TheHackersNews
14 May 2025
70795 Impressions
54 Retweets
91 Likes
14 Bookmarks
1 Reply
5 Quotes
Ivanti Endpoint Manager Mobile(EPMM)の脆弱性(CVE-2025-4427、CVE-2025-4428)に関する注意喚起を公開。すでに脆弱性の悪用が確認されています。開発者が提供する最新の情報を元に、対策や緩和策の適用、侵害有無の調
@jpcert
14 May 2025
3596 Impressions
8 Retweets
14 Likes
2 Bookmarks
0 Replies
0 Quotes
統合版 JPCERT/CC | 注意喚起: Ivanti Endpoint Manager Mobile(EPMM)の脆弱性(CVE-2025-4427、CVE-2025-4428)に関する注意喚起 (公開) https://t.co/7pvSHZgymT #itsec_jp
@itsec_jp
14 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
注意喚起: Ivanti Endpoint Manager Mobile(EPMM)の脆弱性(CVE-2025-4427、CVE-2025-4428)に関する注意喚起 (公開) https://t.co/BxyYo769OM
@AileenWoodstock
14 May 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Ivanti EPMM #vulnerabilities exploited in the wild (#CVE-2025-4427, CVE-2025-4428) https://t.co/2gczEdc1NN
@ScyScan
13 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428) https://t.co/C95Llq3BB5
@von_herren
13 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti releases patches for EPMM fixing two critical flaws—CVE-2025-4427 (bypass auth) & CVE-2025-4428 (remote code exec). Exploits could let attackers gain unauthorized access. Stay secure! 🚨 #CyberRisk #UK #Vulnerabilities https://t.co/tLsGOaaRGJ
@TweetThreatNews
13 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
More zero days, this time affecting Ivanti EPMM: - CVE-2025-4427 is an authentication bypass flaw that allows attackers to access protected resources without proper credentials - CVE-2025-4428 is a remote code execution vulnerability that allows attackers to execute arbitrary ht
@rxerium
13 May 2025
425 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
1 Quote
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) https://t.co/EgycbMxBCO https://t.co/De0qfluXpT
@secharvesterx
13 May 2025
175 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) https://t.co/wa5HiNsGTP #HelpNetSecurity #Cybersecurity https://t.co/x0PWBpg9q5
@PoseidonTPA
13 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes