AI description
CVE-2025-6771 is an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM). It affects versions before 12.5.0.2, 12.4.0.3, and 12.3.0.3 and is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command). A remote, authenticated attacker with high privileges can exploit it to achieve remote code execution on the affected system. Ivanti has released security updates and advises users to upgrade to version 12.5.0.2, 12.4.0.3, or 12.3.0.3, depending on their current version.
- Description
- OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
29
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428 https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
@watchtowrcyber
16 Jul 2025
14703 Impressions
42 Retweets
160 Likes
39 Bookmarks
0 Replies
2 Quotes
CVE-2025-6771 OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges… https://t.co/nxRhMNBfwu
@CVEnew
8 Jul 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DE6400C-5DC6-4E65-8D7F-9C58C2BF708F",
            "versionEndExcluding": "12.3.0.3"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9CDB84-19F2-490E-9E6B-BA9E1C598652",
            "versionEndExcluding": "12.4.0.3",
            "versionStartIncluding": "12.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BC644EB-52AB-4D85-A667-1D6039493B0F",
            "versionEndExcluding": "12.5.0.2",
            "versionStartIncluding": "12.5.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]