AI description
CVE-2025-6771 is an OS command injection vulnerability found in Ivanti Endpoint Manager Mobile (EPMM). The vulnerability affects versions before 12.5.0.2, 12.4.0.3, and 12.3.0.3. It is classified as CWE-78, which is an improper neutralization of special elements used in an OS Command. A remote, authenticated attacker with high privileges can exploit this vulnerability to achieve remote code execution on the affected system. To address this vulnerability, Ivanti has released security updates, advising users to upgrade to version 12.5.0.2, 12.4.0.3, or 12.3.0.3, depending on their current version.
- Description
- OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
- Products
- endpoint_manager_mobile
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-78
- Hype score
- Not currently trending
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428 https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
@watchtowrcyber
16 Jul 2025
14703 Impressions
42 Retweets
160 Likes
39 Bookmarks
0 Replies
2 Quotes
CVE-2025-6771 OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges… https://t.co/nxRhMNBfwu
@CVEnew
8 Jul 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DE6400C-5DC6-4E65-8D7F-9C58C2BF708F",
"versionEndExcluding": "12.3.0.3"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D9CDB84-19F2-490E-9E6B-BA9E1C598652",
"versionEndExcluding": "12.4.0.3",
"versionStartIncluding": "12.4.0.0"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BC644EB-52AB-4D85-A667-1D6039493B0F",
"versionEndExcluding": "12.5.0.2",
"versionStartIncluding": "12.5.0.0"
}
],
"operator": "OR"
}
]
}
]