Article Details

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

Source: The Hacker News
Published: 2025-05-22 12:07
Fetched: 2025-05-22 13:34
Read Original Article

Summary

A China-nexus threat actor has been exploiting recently patched vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, impacting various sectors across Europe, North America, and the Asia-Pacific region. The security flaws, identified as CVE-2025-4427 and CVE-2025-4428, have CVSS scores of 5.3 and 7.2, respectively. These vulnerabilities can be chained to execute arbitrary code, posing significant risks to enterprise networks. Organizations using Ivanti EPMM are urged to apply the patches immediately to prevent potential breaches. The attacks underscore the persistent threat posed by state-sponsored groups and the importance of timely patch management in cybersecurity strategies.

LinkedIn Post

Chinese hackers exploit Ivanti EPMM flaws (CVE-2025-4427, CVE-2025-4428) to target global enterprises. Ensure your systems are patched to prevent breaches. #CyberSecurity #Ivanti #PatchManagement #InfoSec #ThreatIntel

Content

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a