AI description
CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.
- Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status: Analyzed
- Products: endpoint_manager_mobile
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
- Exploit added on: May 19, 2025
- Exploit action due: Jun 9, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75: CWE-288
- Hype score: Not currently trending
CISA reported two malware strains exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 and CVE-2025-4428, discovered in an unnamed organization's network. https://t.co/L3CWZxWYna
@securityRSS
20 Sept 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IVANTI EPMM CVE EXPLOITED — Malicious Tomcat listeners enable RCE CORTEX Analysis: Attackers chained CVE-2025-4427/4428, dropping loaders to persist via HTTP interception. Treat MDM as high-value assets. Full intel: https://t.co/6t5xNZvsMe
@the_c_protocol
20 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New threat in cybersecurity: attack on Ivanti EPMM. Through the vulnerabilities CVE-2025-4427 and CVE-2025-4428, hackers gained access to confidential information and deployed malicious
@cybereye_ru
20 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Ivanti EPMM flaws (CVE-2025-4427, CVE-2025-4428) are actively exploited. Threat actors employ Java loaders and fragmented Base64 payloads with covert listeners to achieve stealthy remote code execution. #Ivanti #EPMM #CVE2025 #CISA #cybersecurity #malware #rce #threatintel
@EUNOMATIX1
20 Sept 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threats and countermeasures for malware kits in Ivanti EPMM attacks (CVE-2025-4427, CVE-2025-4428) https://t.co/pzTygFKfpL #Security #セキュリティー #ニュース
@SecureShield_
20 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE ALERT: Ivanti EPMM Under Attack! 🔥 ⚠️ Threat: CVE-2025-4427 & CVE-2025-4428 exploited with custom malware kits (RCE) 💻 Impact: Hits unpatched Ivanti EPMM → v11.12.0.4, 12.3.0.1, 12.4.0.1, 12.5.0.0 🛡️ Action: Patch NOW + hunt for IOCs before it’s t
@Newtalics
19 Sept 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA details malware from Ivanti EPMM intrusions exploiting CVE-2025-4427 & CVE-2025-4428 vulnerabilities. UNC5221 actors used loaders and malicious listeners for remote commands and persistence. #IvantiEPMM #UNC5221 #China https://t.co/Xc4hSkQvTD
@TweetThreatNews
19 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 CISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabili
@PurpleOps_io
19 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UK national charged in Scattered Spider attacks on critical infrastructure. Group used AI chatbots + fake leaks to spread disinfo. ⚠️ CISA warns: Ivanti CVE-2025-4427/4428 under active exploitation w/ Python webshells. 📌 VA man convicted in repeat CSAM case (15yr mini
@TechNadu
19 Sept 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two #malware Strains Exploiting Ivanti EPMM #CVE-2025-4427 and #CVE-2025-4428 https://t.co/zeBJrOREbi
@AdliceSoftware
19 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two malware sets exploit CVE-2025-4427 and CVE-2025-4428 in #Ivanti Endpoint Manager Mobile. Exploits enable authentication bypass and remote code execution; attackers drop Java loaders (web-install.jar + class files) in /tmp to persist, decode payloads and execute arbitrary code
@MeridianEU
19 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's top 5 cybersecurity news - September 19, 2025 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed two malware strains exploiting vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM). These malware strains
@NewsNerdie
19 Sept 2025
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/Mu2FyeHnae #CyberSecurity
@EpicPlain
19 Sept 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of new malware exploiting critical Ivanti EPMM flaws (CVE-2025-4427/8) found in a breached network, enabling arbitrary code execution. Patch now! 🚨 https://t.co/74IT7Lk0Up #CISA #IvantiEPMM #Cybersecurity #Malware
@0xT3chn0m4nc3r
19 Sept 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/YWKBhUKxLV https://t.co/9M3Ujilx9Z
@talentxfactor
19 Sept 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/WxgqHpGhQT
@buzz_sec
19 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/1O6HOKDU3H https://t.co/JX3iiHaRbK
@RigneySec
19 Sept 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 #security #cybersecurity #hack #it-security https://t.co/ruHJr6Dd4t
@TheCySecNews
19 Sept 2025
12 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL VULNERABILITY ALERT Ivanti EPMM has two new exploited vulnerabilities (CVE-2025-4427/4428). An unauthenticated attacker can achieve RCE. Patch immediately! https://t.co/px7yFF1NPH https://t.co/LoGOgg9Pq9
@Iambivash007
18 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428 https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
@watchtowrcyber
16 Jul 2025
14703 Impressions
42 Retweets
160 Likes
39 Bookmarks
0 Replies
2 Quotes
CVE-2025-4427 has a serious CPE problem; the vendor and NIST sides are contradictory
@mdmrrr_34
5 Jul 2025
264 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Ivanti EPMM users: patches are available for CVE-2025-4427 & 4428. RH-ISAC breaks down the exploit path, indicators of compromise, and steps for staying secure. No cause for alarm - just good cyber hygiene. 📖 https://t.co/Vodems6GMe #CyberSecurity #RHISAC #Ivanti
@RH_ISAC
21 Jun 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
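[MBSD-SOC Detection Trend Topics] We have published the #MBSD #SOC detection trend topics for May 2025. This month, we newly observed attacks targeting the vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2025-4427, CVE-2025-4428). ▼ For details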
@mbsdnews
13 Jun 2025
45 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Attackers are targeting critical infrastructure with Ivanti vulnerabilities. A cyber-espionage group presumably linked to China exploited two recent vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Ivanti vulnerability CV
@linuxmint_hun
2 Jun 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV alert 25/05/19: Ivanti EPMM vulnerabilities CVE-2025-4427/4428 added https://t.co/OSaYfwXYmm The Ivanti EPMM vulnerabilities CVE-2025-4427/4428 have been added to CISA KEV. Teams using this product should take due care.
@iototsecnews
2 Jun 2025
86 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
1 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/3Xp01PEtXf
@_r_netsec
1 Jun 2025
902 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
1 Jun 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A China-nexus group is actively exploiting critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to remotely execute code and exfiltrate data, deploying KrustyLoader malware via AWS S3 buckets across global sectors. 🚨 #Ivanti #KrustyLoader https://t.co/pCmtCPEz6y
@TweetThreatNews
30 May 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
28 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Looking through a long list of vulnerable Ivanti devices, trying to find out if a customer is listed and how to reach someone on the other side to inform them about exposed Ivanti EPMM services affected by RCEs tracked as CVE-2025-4427 and CVE-2025-4428. It affects every sector:
@cyb3rops
26 May 2025
19210 Impressions
17 Retweets
74 Likes
31 Bookmarks
4 Replies
1 Quote
Actively exploited CVE : CVE-2025-4427
@transilienceai
26 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
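The China-linked hacker group UNC5221 is exploiting the Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to attack sectors such as healthcare, telecommunications, finance and defense. It uses KrustyLoader and Sliver to establish persistent access and steal confidential data. Companies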
@01ra66it
25 May 2025
1734 Impressions
7 Retweets
24 Likes
6 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-4427
@transilienceai
25 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4427 & CVE-2025-4428 : Live Forensic Collection from Ivanti EPMM Appliances https://t.co/JdtrsTg8PP
@freedomhack101
24 May 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been exploiting zero-days in ed
@cybertzar
24 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/qytojl3kAT https://t.co/JCNZ4Dbbcz
@IT_Peurico
23 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🕵️♂️ Chinese Spies Exploit Ivanti Flaws Across Critical Sectors UNC5221 hits gov, healthcare & finance using Ivanti RCE bugs (CVE-2025-4427/4428). Patch now—exploits are live. https://t.co/3h1kL1dIR6 #CyberEspionage #Ivanti #UNC5221 #APT #Infosec https://t.co
@dCypherIO
23 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The China-linked cyber-espionage group UNC5221 is exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) (CVE-2025-4427 and 4428) to attack critical sectors in Europe, North America and the Asia-Pacific.
@yousukezan
23 May 2025
2054 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
China-linked group UNC5221 is exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 & CVE-2025-4428 to target organizations in Europe & North America. Immediate patching is crucial. 🚨 #CyberThreat #IvantiVulns #US https://t.co/TLR6tQobQe
@TweetThreatNews
23 May 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4427 #Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability https://t.co/EBDlahs5wv
@ScyScan
22 May 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) are being actively exploited for unauthenticated RCE. Patch now to versions 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1. #ThreatIntel #RedLeggCTI #Ivanti EPMM https://t.co/2npCLP8IyP
@RedLegg
22 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/bUAYNdljdQ https://t.co/BMqr2Poz0u
@secharvesterx
22 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese-linked hackers exploited patched Ivanti EPMM vulnerabilities (CVE-2025-4427/4428) to target global enterprises, deploying sophisticated malware like KrustyLoader and Auto-Color Linux backdoors. ⚠️ #CyberAttack #China #KrustyLoader https://t.co/ccC8GX3YSi
@TweetThreatNews
22 May 2025
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427 & 4428 in Ivanti EPMM are being exploited by Chinese APT UNC5221. Flaws allow unauthenticated RCE across key sectors. Malware: KrustyLoader, Sliver. Patch now. #Ivanti #CVE2025 #ZeroDay #CyberSecurity #UNC5221 #PatchNow #InfoSec https://t.co/DDNcBEVKS4
@CloneSystemsInc
22 May 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4427
@transilienceai
22 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including
@ProferoSec
22 May 2025
247 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including
@ProferoSec
22 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Chinese hackers exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software to direct attacks at various sectors in Europe, North America and the Asia-Pacific region. The two vulnerabilities,
@Cybercachear
22 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors. Full report → https://t.co/XldtbDhTcb... https://t.co/PoDZgnQUNh
@IT_news_for_all
22 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDF89238-9401-4106-8999-511712A0A51F",
            "versionEndExcluding": "11.12.0.5"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F4C3FB-278B-4F4D-A5EF-188F49322405",
            "versionEndExcluding": "12.3.0.2",
            "versionStartIncluding": "12.3.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FC0377-42AE-49FD-BE90-919F46D075C9",
            "versionEndExcluding": "12.4.0.2",
            "versionStartIncluding": "12.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F9CD37-B058-4D65-86B1-9168215D2608"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]