AI description
CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.
- Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
- Exploit added on: May 19, 2025
- Exploit action due: Jun 9, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75: CWE-288
- Hype score: Not currently trending
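[MBSD-SOC Detection Trend Topics] We have published the #MBSD #SOC detection trend topics for May 2025. This month, we newly observed attacks targeting the Ivanti Endpoint Manager Mobile vulnerabilities (CVE-2025-4427, CVE-2025-4428). ▼ For details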
@mbsdnews
13 Jun 2025
45 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Attackers are targeting critical infrastructure with Ivanti's vulnerabilities. A cyber-espionage group believed to be linked to China has exploited two recent vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Ivanti vulnerability CV
@linuxmint_hun
2 Jun 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV alert 25/05/19: Ivanti EPMM vulnerabilities CVE-2025-4427/4428 added https://t.co/OSaYfwXYmm The Ivanti EPMM vulnerabilities CVE-2025-4427/4428 have been added to CISA KEV. Teams using this product should take great care.
@iototsecnews
2 Jun 2025
86 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
1 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/3Xp01PEtXf
@_r_netsec
1 Jun 2025
902 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
1 Jun 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A China-nexus group is actively exploiting critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to remotely execute code and exfiltrate data, deploying KrustyLoader malware via AWS S3 buckets across global sectors. 🚨 #Ivanti #KrustyLoader https://t.co/pCmtCPEz6y
@TweetThreatNews
30 May 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
28 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Looking through a long list of vulnerable Ivanti devices, trying to find out if a customer is listed and how to reach someone on the other side to inform them about exposed Ivanti EPMM services affected by RCEs tracked as CVE-2025-4427 and CVE-2025-4428. It affects every sector:
@cyb3rops
26 May 2025
19210 Impressions
17 Retweets
74 Likes
31 Bookmarks
4 Replies
1 Quote
Actively exploited CVE : CVE-2025-4427
@transilienceai
26 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
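China-linked hackers UNC5221 are exploiting the Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to launch attacks targeting sectors such as healthcare, telecommunications, finance and defense. They establish persistent access using KrustyLoader and Sliver and steal sensitive data. Companies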
@01ra66it
25 May 2025
1734 Impressions
7 Retweets
24 Likes
6 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-4427
@transilienceai
25 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4427 & CVE-2025-4428 : Live Forensic Collection from Ivanti EPMM Appliances https://t.co/JdtrsTg8PP
@freedomhack101
24 May 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been exploiting zero-days in ed
@cybertzar
24 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/qytojl3kAT https://t.co/JCNZ4Dbbcz
@IT_Peurico
23 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🕵️♂️ Chinese Spies Exploit Ivanti Flaws Across Critical Sectors UNC5221 hits gov, healthcare & finance using Ivanti RCE bugs (CVE-2025-4427/4428). Patch now—exploits are live. https://t.co/3h1kL1dIR6 #CyberEspionage #Ivanti #UNC5221 #APT #Infosec https://t.co
@dCypherIO
23 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The China-linked cyber-espionage group UNC5221 is exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) (CVE-2025-4427 and 4428) to attack critical sectors in Europe, North America and Asia-Pacific.
@yousukezan
23 May 2025
2054 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
China-linked group UNC5221 is exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 & CVE-2025-4428 to target organizations in Europe & North America. Immediate patching is crucial. 🚨 #CyberThreat #IvantiVulns #US https://t.co/TLR6tQobQe
@TweetThreatNews
23 May 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4427 #Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability https://t.co/EBDlahs5wv
@ScyScan
22 May 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) are being actively exploited for unauthenticated RCE. Patch now to versions 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1. #ThreatIntel #RedLeggCTI #Ivanti EPMM https://t.co/2npCLP8IyP
@RedLegg
22 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/bUAYNdljdQ https://t.co/BMqr2Poz0u
@secharvesterx
22 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese-linked hackers exploited patched Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to target global enterprises, deploying sophisticated malware like KrustyLoader and Auto-Color Linux backdoors. ⚠️ #CyberAttack #China #KrustyLoader https://t.co/ccC8GX3YSi
@TweetThreatNews
22 May 2025
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427 & 4428 in Ivanti EPMM are being exploited by Chinese APT UNC5221. Flaws allow unauthenticated RCE across key sectors. Malware: KrustyLoader, Sliver. Patch now. #Ivanti #CVE2025 #ZeroDay #CyberSecurity #UNC5221 #PatchNow #InfoSec https://t.co/DDNcBEVKS4
@CloneSystemsInc
22 May 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
22 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including
@ProferoSec
22 May 2025
247 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including
@ProferoSec
22 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Chinese hackers exploited vulnerabilities in the Ivanti Endpoint Manager Mobile (EPMM) software to launch attacks on various sectors in Europe, North America and the Asia-Pacific region. The two vulnerabilities,
@Cybercachear
22 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors. Full report → https://t.co/XldtbDhTcb... https://t.co/PoDZgnQUNh
@IT_news_for_all
22 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors. Full report → https://t.co/t1DDUtcNV3
@TheHackersNews
22 May 2025
8939 Impressions
19 Retweets
44 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨 New Wiz research: Active exploitation of Ivanti EPMM flaws (CVE-2025-4427 & 4428) enables RCE in the wild. Cloud systems are at risk; patch now. Wiz customers can find pre-built detection queries in the Threat Intelligence Center. Full details 👉 https://t.co/WeTY1u
@wiz_io
22 May 2025
798 Impressions
3 Retweets
16 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
22 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ Ivanti Flaws Under Attack—RCE Chain Targets Unpatched Systems CVE-2025-4427 + 4428 enable unauth RCE on Ivanti EPMM. Exploits dropped May 16—patch now or risk Sliver beacons! https://t.co/lRPEDCajqb #Ivanti #Cybersecurity #RCE #Infosec https://t.co/stpBZwJVDS
@dCypherIO
21 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/avxFH9RjK7 https://t.co/eVXutALGXS
@IT_Peurico
21 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti EPMM is impacted by chained CVE-2025-4427 & CVE-2025-4428 flaws, enabling unauthenticated remote code execution—being actively exploited in the wild. A critical risk for versions up to 12.4.0.1. ⚠️ #IvantiEPMM #Vulnerabilities #CyberUK https://t.co/1AbtNOeIfC
@TweetThreatNews
21 May 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA added Ivanti's EPMM Zero Day Vulnerabilities CVE-2025-4427 and CVE-2025-4428 as KEV. #ivanti https://t.co/hUCf4CE0hk
@CSec88
20 May 2025
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE Alert: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4427 (CVSS 5.3/10) Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability Impact: A successful exploit may allo
@CyberxtronTech
20 May 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4427 #Ivanti #Endpoint Manager #Mobile (#EPMM) #Authentication #Bypass #Vulnerability https://t.co/EBDlahsDm3
@ScyScan
20 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote code execution, warns watchTowr. https://t.co/fHaZcJIdMB
@blackwired32799
20 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In Ivanti's mobile device management software "Endpoint Mobile Manager (EPMM)", medium- and high-risk vulnerabilities (CVE-2025-4427 and CVE-2025-4428) were exploited in combination, and some users were hacked. As a result
@yousukezan
19 May 2025
633 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
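Latest cybersecurity analysis: Ivanti's critical zero-day vulnerabilities (CVE-2025-4427/4428) are being actively exploited. Real attacks are underway following a surge in scanning activity in May. Immediate patching is required. Details: https://t.co/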
@elodian_ni26490
19 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Heads up! Two Ivanti EPMM vulnerabilities, CVE-2025-4427 & CVE-2025-4428, can be chained for unauthenticated RCE. With exploits happening in the wild, proactively defend against potential threats using a new Sigma rule from SOC Prime Platform. https://t.co/EWiEIGp4oL
@SOC_Prime
19 May 2025
217 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2025
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical Ivanti zero-days (CVE-2025-4427 + CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. Immediate patching is required. Get more details here ⬇️ https://t.co/B06owv29HR #ZeroDay #CyberSecurity #threatintel
@GreyNoiseIO
16 May 2025
4266 Impressions
36 Retweets
49 Likes
8 Bookmarks
0 Replies
0 Quotes
On 5/13/25, #Ivanti disclosed 2 new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 & CVE-2025-4428. The vulnerabilities allow for unauthenticated RCE when chained, and successful exploitation has been observed in the wild: https://t.co/xY
@rapid7
16 May 2025
400 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
#CVE-2025-4427 GPT Deep Research is very useful https://t.co/xiZIcOLaBg
@_r00tuser
16 May 2025
561 Impressions
0 Retweets
6 Likes
4 Bookmarks
1 Reply
0 Quotes
CVE-2025-4427/4428 : Ivanti EPMM Remote Code Execution - Technical Analysis https://t.co/dRMFN8bnxO @pdiscoveryio
@tbbhunter
16 May 2025
716 Impressions
2 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
GitHub - watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428 - https://t.co/kHnSap7txf
@piedpiper1616
16 May 2025
966 Impressions
6 Retweets
20 Likes
2 Bookmarks
0 Replies
0 Quotes
Every security researcher knows the dance: satisfy every parameter, only to hit a 403 at the finish line. In our analysis of CVE-2025-4427 and 4428, that same flow led to unauthenticated RCE in Ivanti EPMM. Within 24 hours, we published a Nuclei template to detect the issue. htt
@pdiscoveryio
15 May 2025
7923 Impressions
15 Retweets
75 Likes
23 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-4427 - critical 🚨 Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution > An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to acce... 👾 https://t.co/1P5nxIED6s @pdnuclei #NucleiTemplat...
@pdnuclei_bot
15 May 2025
1202 Impressions
6 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
Expression payloads meet mayhem in this week's Ivanti EPMM vulnerabilities — CVE-2025-4427 and CVE-2025-4428 — chained to achieve unauth RCE. Beware - this is currently being exploited ITW! Enjoy our analysis. https://t.co/OQVc7vKdY4
@watchtowrcyber
15 May 2025
21978 Impressions
56 Retweets
151 Likes
39 Bookmarks
1 Reply
10 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDF89238-9401-4106-8999-511712A0A51F",
            "versionEndExcluding": "11.12.0.5"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F4C3FB-278B-4F4D-A5EF-188F49322405",
            "versionEndExcluding": "12.3.0.2",
            "versionStartIncluding": "12.3.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FC0377-42AE-49FD-BE90-919F46D075C9",
            "versionEndExcluding": "12.4.0.2",
            "versionStartIncluding": "12.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F9CD37-B058-4D65-86B1-9168215D2608"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]