- Description: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status: Analyzed
- Products: endpoint_manager_mobile
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
- Exploit added on: May 19, 2025
- Exploit action due: Jun 9, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-94
- Hype score: Not currently trending
🚨 Ivanti EPMM Zero-Days Turn Mobile MDM Into an Enterprise-Wide C2 Ivanti EPMM’s spring 2025 zero-day chain (CVE-2025-4427 + CVE-2025-4428) was weaponized against thousands of orgs—especially in Europe—letting attackers pivot from an internet-facing MDM server into enrol
@ThreatSynop
31 Dec 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Black Hat Europe Briefing Alert 🚨 "One Entry Point to Thousands of Phones" 📱🔓 A China-nexus APT group (UNC5221) is actively exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities (CVE-2025-4427 & CVE-2025-4428) to gain unauthenticated remote access to
@BlackHatEvents
8 Oct 2025
4301 Impressions
2 Retweets
6 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Cyber Threat Alerts - Last 24hrs: • CISA warns of active exploitation of Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428); attackers use chained exploits and EL injection—immediate patching required.
@vega_next
23 Sept 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ @CISAgov has issued a new malware analysis report on #Ivanti EPMM exploits (CVE-2025-4427, CVE-2025-4428). The findings highlight just how quickly adversaries move to weaponize vulnerabilities in centralized endpoint management tools. https://t.co/VONsiPbr9l https://t.co/
@DispersiveHold
22 Sept 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/qnhqxZYeMH #cybersecurity #cyber #security #hackers #cyberattack #databreach #incidentresponse #China The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on
@zeeshankghouri
22 Sept 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA Warns of Two #Malware Strains #Exploiting #Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/AphgSoJkfQ
@miguelcarvajalm
21 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Two malware strains are actively exploiting Ivanti EPMM flaws (CVE-2025-4427 & CVE-2025-4428). Admins: patch immediately & monitor for unusual activity. #Ivanti #CISA #ZeroDay #CyberSecurity https://t.co/kbzPzkPXHq
@SecurEpitome
21 Sept 2025
111 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reported two malware strains exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 and CVE-2025-4428, discovered in an unnamed organization's network. https://t.co/L3CWZxWYna
@securityRSS
20 Sept 2025
170 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/r3sH6Yqe76
@PVynckier
20 Sept 2025
87 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New cybersecurity threat: attack on Ivanti EPMM. Using the vulnerabilities CVE-2025-4427 and CVE-2025-4428, hackers gained access to confidential information and deployed mal
@cybereye_ru
20 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Ivanti EPMM flaws (CVE-2025-4427, CVE-2025-4428) are actively exploited. Threat actors employ Java loaders and fragmented Base64 payloads with covert listeners to achieve stealthy remote code execution. #Ivanti #EPMM #CVE2025 #CISA #cybersecurity #malware #rce #threatintel
@EUNOMATIX1
20 Sept 2025
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threats and countermeasures for malware kits in Ivanti EPMM attacks (CVE-2025-4427, CVE-2025-4428) https://t.co/pzTygFKfpL #Security #セキュリティー #ニュース
@SecureShield_
20 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE ALERT: Ivanti EPMM Under Attack! 🔥 ⚠️ Threat: CVE-2025-4427 & CVE-2025-4428 exploited with custom malware kits (RCE) 💻 Impact: Hits unpatched Ivanti EPMM → v11.12.0.4, 12.3.0.1, 12.4.0.1, 12.5.0.0 🛡️ Action: Patch NOW + hunt for IOCs before it’s t
@Newtalics
19 Sept 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA details malware from Ivanti EPMM intrusions exploiting CVE-2025-4427 & CVE-2025-4428 vulnerabilities. UNC5221 actors used loaders and malicious listeners for remote commands and persistence. #IvantiEPMM #UNC5221 #China https://t.co/Xc4hSkQvTD
@TweetThreatNews
19 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two #malware Strains Exploiting Ivanti EPMM #CVE-2025-4427 and #CVE-2025-4428 https://t.co/zeBJrOREbi
@AdliceSoftware
19 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two malware sets exploit CVE-2025-4427 and CVE-2025-4428 in #Ivanti Endpoint Manager Mobile. Exploits enable authentication bypass and remote code execution; attackers drop Java loaders (web-install.jar + class files) in /tmp to persist, decode payloads and execute arbitrary code
@MeridianEU
19 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's top 5 cybersecurity news - September 19, 2025 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed two malware strains exploiting vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM). These malware strains
@NewsNerdie
19 Sept 2025
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/Mu2FyeHnae #CyberSecurity
@EpicPlain
19 Sept 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/YWKBhUKxLV https://t.co/9M3Ujilx9Z
@talentxfactor
19 Sept 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/WxgqHpGhQT
@buzz_sec
19 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 https://t.co/1O6HOKDU3H https://t.co/JX3iiHaRbK
@RigneySec
19 Sept 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428 https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
@watchtowrcyber
16 Jul 2025
14703 Impressions
42 Retweets
160 Likes
39 Bookmarks
0 Replies
2 Quotes
During various Ivanti Endpoint Manager Mobile investigations (CVE-2025-4428), we (as others in our field) saw that the threat actors dumped heap memory from the Tomcat Java processes using jcmd, in order to search the dumped data for sensitive information. Have others seen this
@malmoeb
21 Jun 2025
1949 Impressions
2 Retweets
13 Likes
7 Bookmarks
1 Reply
0 Quotes
🔴 Ivanti Endpoint Manager Mobile, Remote Code Execution, #CVE-2025-4428 (Critical) https://t.co/pg321DrO54
@dailycve
16 Jun 2025
21 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
[MBSD-SOC Detection Trend Topics] We have published the #MBSD #SOC detection trend topics for May 2025. This month, we newly observed attacks targeting the Ivanti Endpoint Manager Mobile vulnerabilities (CVE-2025-4427, CVE-2025-4428). ▼For details
@mbsdnews
13 Jun 2025
45 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[1day1line] CVE-2025-4428 : a Spring EL Injection vulnerability that occurred in Ivanti EPMM https://t.co/fPVSuAiHFY Hello. Today's one day one line is about a Spring EL Injection vulnerability that occurred in Ivanti EPMM. The vulnerability occurred when user input values
@hackyboiz
7 Jun 2025
598 Impressions
3 Retweets
14 Likes
4 Bookmarks
0 Replies
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/3Xp01PEtXf
@_r_netsec
1 Jun 2025
902 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
A China-nexus group is actively exploiting critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to remotely execute code and exfiltrate data, deploying KrustyLoader malware via AWS S3 buckets across global sectors. 🚨 #Ivanti #KrustyLoader https://t.co/pCmtCPEz6y
@TweetThreatNews
30 May 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Exploiting #CVE-2025-4428: Unauthenticated Remote Code Execution https://t.co/awwzOMOVWZ Educational Purposes!
@UndercodeUpdate
29 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4428
@transilienceai
27 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Looking through a long list of vulnerable Ivanti devices, trying to find out if a customer is listed and how to reach someone on the other side to inform them about exposed Ivanti EPMM services affected by RCEs tracked as CVE-2025-4427 and CVE-2025-4428. It affects every sector:
@cyb3rops
26 May 2025
19210 Impressions
17 Retweets
74 Likes
31 Bookmarks
4 Replies
1 Quote
#threatreport #HighCompleteness China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability | 25-05-2025 Source: https://t.co/uLSCchef7i Key details below ↓ 🧑💻Actors/Campaigns: Unc5221 (🧠motivation: cyber_espionage)
@rst_cloud
26 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
I found another variant of CVE-2025-4428 — a pre-auth RCE in Ivanti EPMM. Link to the blog post below 👇 https://t.co/WUZUNBySEi
@HacktronAI
25 May 2025
15564 Impressions
17 Retweets
114 Likes
55 Bookmarks
3 Replies
2 Quotes
China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability https://t.co/dbk8D7ccgf
@adriananglin
25 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4428
@transilienceai
25 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4427 & CVE-2025-4428 : Live Forensic Collection from Ivanti EPMM Appliances https://t.co/JdtrsTg8PP
@freedomhack101
24 May 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been exploiting zero-days in ed
@cybertzar
24 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution https://t.co/qytojl3kAT https://t.co/JCNZ4Dbbcz
@IT_Peurico
23 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) | https://t.co/kWqkkX2FmC @EclecticIQ
@780thC
23 May 2025
806 Impressions
10 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
UNC5221 exploits the CVE-2025-4428 flaw in Ivanti EPMM for global espionage. Information Security, remote access, apt, china, CVE-2025-4428, cyber espionage, mobile data exfiltration, cyber warfare, Ivanti, Ivanti EPMM, krustyloader, malware, Sli… https://t.co/i4qP3DB6G
@matricedigitale
23 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-linked group UNC5221 is exploiting Ivanti Endpoint Manager Mobile vulnerabilities CVE-2025-4427 & CVE-2025-4428 to target organizations in Europe & North America. Immediate patching is crucial. 🚨 #CyberThreat #IvantiVulns #US https://t.co/TLR6tQobQe
@TweetThreatNews
23 May 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4428 #Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability https://t.co/0i9YWxppXG
@ScyScan
22 May 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) are being actively exploited for unauthenticated RCE. Patch now to versions 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1. #ThreatIntel #RedLeggCTI #Ivanti EPMM https://t.co/2npCLP8IyP
@RedLegg
22 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428) https://t.co/bUAYNdljdQ https://t.co/BMqr2Poz0u
@secharvesterx
22 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese hackers exploiting CVE-2025-4428 target global organizations via Ivanti EPMM 12.5.0.0 and earlier, causing espionage & data theft, including govt, healthcare, and finance 🇨🇳. Stay alert! #CyberThreat #Espionage #China https://t.co/XaAGJroRxH
@TweetThreatNews
22 May 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including
@ProferoSec
22 May 2025
247 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
UNC5221 China-Nexus 🇨🇳 Threat actor actively exploiting Ivanti EPMM (CVE-2025-4428) @WhichbufferArda https://t.co/UIwp25wQcb https://t.co/rO2H0le9K9
@freedomhack101
22 May 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
2 Replies
0 Quotes
Attention Organizations: With the exploitation of CVE-2025-4427 and CVE-2025-4428 vulnerabilities in Ivanti EPMM, attackers could gain full control of your devices. We've published a step-by-step guide on how to collect forensic evidence from Ivanti EPMM appliances — including
@ProferoSec
22 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Chinese hackers exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software to launch attacks on various sectors in Europe, North America, and the Asia-Pacific region. The two vulnerabilities,
@Cybercachear
22 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Japanese organizations also targeted: China-linked actor possibly involved in exploiting Ivanti EPMM vulnerability (CVE-2025-4428) ~Cyber Alert, May 22~ https://t.co/8hjxuvJb23 #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
22 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BDF89238-9401-4106-8999-511712A0A51F",
            "versionEndExcluding": "11.12.0.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A3F4C3FB-278B-4F4D-A5EF-188F49322405",
            "versionEndExcluding": "12.3.0.2",
            "versionStartIncluding": "12.3.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "95FC0377-42AE-49FD-BE90-919F46D075C9",
            "versionEndExcluding": "12.4.0.2",
            "versionStartIncluding": "12.4.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C3F9CD37-B058-4D65-86B1-9168215D2608",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]