Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

Source: The Hacker News
Published: 2025-05-14 04:00
Fetched: 2025-05-14 05:17

Summary

Ivanti has issued patches for two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software that were being exploited for remote code execution in targeted attacks. The flaws, including CVE-2025-4427 with a CVSS score of 5.3, involve an authentication bypass allowing unauthorized access to protected resources. These vulnerabilities highlight the increasing sophistication of cyber threats that exploit software weaknesses to gain unauthorized control. Organizations using EPMM are urged to apply the updates immediately to mitigate potential risks. The incident underscores the critical need for timely patch management and robust security protocols to protect sensitive data and infrastructure.

LinkedIn Post

Ivanti patches critical EPMM vulnerabilities exploited for remote code execution. Ensure your systems are updated to prevent unauthorized access. #Cybersecurity #Ivanti #EPMM #PatchManagement #InfoSec

Content

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below:

- CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials