- Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status: Analyzed
- Products: endpoint_manager_mobile
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
- Exploit added on: May 19, 2025
- Exploit action due: Jun 9, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-288
- Hype score: Not currently trending
31 new OPEN, 33 new PRO (31 + 2) Lumma Stealer, Landupdate808, TA569, Ghostframe Phishing Kit, StealC_V2, several CVEs (beward CVE-2019-25246, Ivanti CVE-2025-4427 (new variants), sgbox CVE-2025-14704 - 14709), and much more. https://t.co/bFNUmNuT8j
@ET_Labs
5 Jan 2026
221 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️Two IP addresses exploiting Ivanti EPMM honeypots using CVE-2025-4427, attempting to install a Linux cryptominer (XMRig-family), plus run defense evasion, competition removal, and persistence: 38.99.248.135 ( COGENT-174 ) 140.235.142.61 ( KOMI-NET ) with files hosted at
@DefusedCyber
5 Jan 2026
3623 Impressions
13 Retweets
51 Likes
9 Bookmarks
1 Reply
0 Quotes
🚨 Ivanti EPMM Zero-Days Turn Mobile MDM Into an Enterprise-Wide C2 Ivanti EPMM’s spring 2025 zero-day chain (CVE-2025-4427 + CVE-2025-4428) was weaponized against thousands of orgs—especially in Europe—letting attackers pivot from an internet-facing MDM server into enrol
@ThreatSynop
31 Dec 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-50165 2 - CVE-2025-6218 3 - CVE-2025-27591 4 - CVE-2025-4427 5 - CVE-2025-31161 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Nov 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor using a modified CVE-2025-4427 variant against Ivanti EPMM honeypots 🍯 Attacker source ASN: AS 4847 ( China Networks Inter-Exchange ) 0/95 VT Detections 🟢 View full details on Defused 👇 https://t.co/WQfA6F027d
@DefusedCyber
20 Nov 2025
6907 Impressions
14 Retweets
25 Likes
6 Bookmarks
1 Reply
1 Quote
🚨 Black Hat Europe Briefing Alert 🚨 "One Entry Point to Thousands of Phones" 📱🔓 A China-nexus APT group (UNC5221) is actively exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities (CVE-2025-4427 & CVE-2025-4428) to gain unauthenticated remote access to
@BlackHatEvents
8 Oct 2025
4301 Impressions
2 Retweets
6 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Cyber Threat Alerts - Last 24hrs: • CISA warns of active exploitation of Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428); attackers use chained exploits and EL injection—immediate patching required.
@vega_next
23 Sept 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ @CISAgov has issued a new malware analysis report on #Ivanti EPMM exploits (CVE-2025-4427, CVE-2025-4428). The findings highlight just how quickly adversaries move to weaponize vulnerabilities in centralized endpoint management tools. https://t.co/VONsiPbr9l https://t.co/
@DispersiveHold
22 Sept 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/qnhqxZYeMH #cybersecurity #cyber #security #hackers #cyberattack #databreach #incidentresponse #China The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on
@zeeshankghouri
22 Sept 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA Warns of Two #Malware Strains #Exploiting #Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/AphgSoJkfQ
@miguelcarvajalm
21 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Two malware strains are actively exploiting Ivanti EPMM flaws (CVE-2025-4427 & CVE-2025-4428). Admins: patch immediately & monitor for unusual activity. #Ivanti #CISA #ZeroDay #CyberSecurity https://t.co/kbzPzkPXHq
@SecurEpitome
21 Sept 2025
111 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reported two malware strains exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 and CVE-2025-4428, discovered in an unnamed organization's network. https://t.co/L3CWZxWYna
@securityRSS
20 Sept 2025
170 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IVANTI EPMM CVE EXPLOITED — Malicious Tomcat listeners enable RCE CORTEX Analysis: Attackers chained CVE-2025-4427/4428, dropping loaders to persist via HTTP interception. Treat MDM as high-value assets. Full intel: https://t.co/6t5xNZvsMe
@the_c_protocol
20 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/r3sH6Yqe76
@PVynckier
20 Sept 2025
87 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New cybersecurity threat: an attack on Ivanti EPMM. Through the vulnerabilities CVE-2025-4427 and CVE-2025-4428, hackers gained access to confidential information and deployed mal
@cybereye_ru
20 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Ivanti EPMM flaws (CVE-2025-4427, CVE-2025-4428) are actively exploited. Threat actors employ Java loaders and fragmented Base64 payloads with covert listeners to achieve stealthy remote code execution. #Ivanti #EPMM #CVE2025 #CISA #cybersecurity #malware #rce #threatintel
@EUNOMATIX1
20 Sept 2025
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threats and countermeasures for malware kits in Ivanti EPMM attacks (CVE-2025-4427, CVE-2025-4428) https://t.co/pzTygFKfpL #Security #セキュリティー #ニュース
@SecureShield_
20 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE ALERT: Ivanti EPMM Under Attack! 🔥 ⚠️ Threat: CVE-2025-4427 & CVE-2025-4428 exploited with custom malware kits (RCE) 💻 Impact: Hits unpatched Ivanti EPMM → v11.12.0.4, 12.3.0.1, 12.4.0.1, 12.5.0.0 🛡️ Action: Patch NOW + hunt for IOCs before it’s t
@Newtalics
19 Sept 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA details malware from Ivanti EPMM intrusions exploiting CVE-2025-4427 & CVE-2025-4428 vulnerabilities. UNC5221 actors used loaders and malicious listeners for remote commands and persistence. #IvantiEPMM #UNC5221 #China https://t.co/Xc4hSkQvTD
@TweetThreatNews
19 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 CISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabili
@PurpleOps_io
19 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UK national charged in Scattered Spider attacks on critical infrastructure. Group used AI chatbots + fake leaks to spread disinfo. ⚠️ CISA warns: Ivanti CVE-2025-4427/4428 under active exploitation w/ Python webshells. 📌 VA man convicted in repeat CSAM case (15yr mini
@TechNadu
19 Sept 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two #malware Strains Exploiting Ivanti EPMM #CVE-2025-4427 and #CVE-2025-4428 https://t.co/zeBJrOREbi
@AdliceSoftware
19 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two malware sets exploit CVE-2025-4427 and CVE-2025-4428 in #Ivanti Endpoint Manager Mobile. Exploits enable authentication bypass and remote code execution; attackers drop Java loaders (web-install.jar + class files) in /tmp to persist, decode payloads and execute arbitrary code
@MeridianEU
19 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's top 5 cybersecurity news - September 19, 2025 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed two malware strains exploiting vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM). These malware strains
@NewsNerdie
19 Sept 2025
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/Mu2FyeHnae #CyberSecurity
@EpicPlain
19 Sept 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of new malware exploiting critical Ivanti EPMM flaws (CVE-2025-4427/8) found in a breached network, enabling arbitrary code execution. Patch now! 🚨 https://t.co/74IT7Lk0Up #CISA #IvantiEPMM #Cybersecurity #Malware
@0xT3chn0m4nc3r
19 Sept 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/YWKBhUKxLV https://t.co/9M3Ujilx9Z
@talentxfactor
19 Sept 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/WxgqHpGhQT
@buzz_sec
19 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/1O6HOKDU3H https://t.co/JX3iiHaRbK
@RigneySec
19 Sept 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 #security #cybersecurity #hack #it-security https://t.co/ruHJr6Dd4t
@TheCySecNews
19 Sept 2025
12 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL VULNERABILITY ALERT Ivanti EPMM has two new exploited vulnerabilities (CVE-2025-4427/4428). An unauthenticated attacker can achieve RCE. Patch immediately! https://t.co/px7yFF1NPH https://t.co/LoGOgg9Pq9
@cyberbivash
18 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428 https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
@watchtowrcyber
16 Jul 2025
14703 Impressions
42 Retweets
160 Likes
39 Bookmarks
0 Replies
2 Quotes
cve-2025-4427 has a serious cpe problem; the vendor and nist sides contradict each other
@mdmrrr_34
5 Jul 2025
264 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Ivanti EPMM users: patches are available for CVE-2025-4427 & 4428. RH-ISAC breaks down the exploit path, indicators of compromise, and steps for staying secure. No cause for alarm - just good cyber hygiene. 📖 https://t.co/Vodems6GMe #CyberSecurity #RHISAC #Ivanti
@RH_ISAC
21 Jun 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
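[MBSD-SOC Detection Trend Topics] We have published the #MBSD #SOC detection trend topics for May 2025. This month, we newly observed attacks targeting the vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2025-4427, CVE-2025-4428). ▼For details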
@mbsdnews
13 Jun 2025
45 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Attackers are targeting critical infrastructure with Ivanti vulnerabilities. A cyber-espionage group presumably linked to China exploited two recent vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Ivanti vulnerability CV
@linuxmint_hun
2 Jun 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV alert 25/05/19: Ivanti EPMM vulnerabilities CVE-2025-4427/4428 added https://t.co/OSaYfwXYmm The Ivanti EPMM vulnerabilities CVE-2025-4427/4428 have been added to CISA KEV. Teams using this product should take due care.
@iototsecnews
2 Jun 2025
86 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
1 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/3Xp01PEtXf
@_r_netsec
1 Jun 2025
902 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
1 Jun 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A China-nexus group is actively exploiting critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to remotely execute code and exfiltrate data, deploying KrustyLoader malware via AWS S3 buckets across global sectors. 🚨 #Ivanti #KrustyLoader https://t.co/pCmtCPEz6y
@TweetThreatNews
30 May 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
28 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Looking through a long list of vulnerable Ivanti devices, trying to find out if a customer is listed and how to reach someone on the other side to inform them about exposed Ivanti EPMM services affected by RCEs tracked as CVE-2025-4427 and CVE-2025-4428. It affects every sector:
@cyb3rops
26 May 2025
19210 Impressions
17 Retweets
74 Likes
31 Bookmarks
4 Replies
1 Quote
Actively exploited CVE : CVE-2025-4427
@transilienceai
26 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
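The China-linked hacker group UNC5221 is exploiting the Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to carry out attacks targeting sectors such as healthcare, telecommunications, finance, and defense. It uses KrustyLoader and Sliver to establish persistent access and steal confidential data. Companies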
@01ra66it
25 May 2025
1734 Impressions
7 Retweets
24 Likes
6 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-4427
@transilienceai
25 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4427 & CVE-2025-4428 : Live Forensic Collection from Ivanti EPMM Appliances https://t.co/JdtrsTg8PP
@freedomhack101
24 May 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been exploiting zero-days in ed
@cybertzar
24 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/qytojl3kAT https://t.co/JCNZ4Dbbcz
@IT_Peurico
23 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🕵️♂️ Chinese Spies Exploit Ivanti Flaws Across Critical Sectors UNC5221 hits gov, healthcare & finance using Ivanti RCE bugs (CVE-2025-4427/4428). Patch now—exploits are live. https://t.co/3h1kL1dIR6 #CyberEspionage #Ivanti #UNC5221 #APT #Infosec https://t.co
@dCypherIO
23 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BDF89238-9401-4106-8999-511712A0A51F",
            "versionEndExcluding": "11.12.0.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A3F4C3FB-278B-4F4D-A5EF-188F49322405",
            "versionEndExcluding": "12.3.0.2",
            "versionStartIncluding": "12.3.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "95FC0377-42AE-49FD-BE90-919F46D075C9",
            "versionEndExcluding": "12.4.0.2",
            "versionStartIncluding": "12.4.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C3F9CD37-B058-4D65-86B1-9168215D2608",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]