- Ivanti has patched two flaws that are being chained to mount RCE attacks
- A “limited number” of customers is said to have been compromised
- Only on-prem products are affected
Ivanti has released a patch for two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which are reportedly being chained in remote code execution (RCE) attacks in the wild.
The vulnerabilities are tracked as CVE-2025-4427 and CVE-2025-4428. The first is an authentication bypass in EPMM’s API that gives threat actors access to protected resources. It was assigned a medium-severity score of 5.3.
The second is an RCE vulnerability exploited through malicious API requests. It received a high-severity score (7.2/10).
Ivanti says the pair is being abused in attacks: “When chained together, successful exploitation can lead to unauthenticated remote code execution,” the company said in its security advisory. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.”
To address the problem, users must install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2 or 12.5.0.1.
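A quick way for a defender to act on the fixed-version list above is to run it against an inventory of deployed EPMM instances. The script below is an added example, not code from the article or from Ivanti. It assumes (labelled in the code) that any build in the same release branch (11.12, 12.3, 12.4, 12.5) older than the listed fixed version is unpatched, and it reports branches the advisory does not mention as unknown rather than guessing. The hostnames and version strings in the sample inventory are constructed.

```python
# Added example: check EPMM version strings against the fixed versions the
# advisory lists. Not Ivanti's code; the "same branch, older build is
# unpatched" rule is an assumption made here for illustration.

# Fixed versions taken from the advisory text above.
FIXED_VERSIONS = ["11.12.0.5", "12.3.0.2", "12.4.0.2", "12.5.0.1"]


def parse_version(version):
    """Turn '12.5.0.1' into (12, 5, 0, 1); raises ValueError on junk input."""
    return tuple(int(part) for part in version.strip().split("."))


def branch_of(parsed):
    """Release branch is the first two components, e.g. (12, 5)."""
    return parsed[:2]


# Map each release branch to the minimum patched build in that branch.
FIXED_BY_BRANCH = {
    branch_of(parse_version(v)): parse_version(v) for v in FIXED_VERSIONS
}


def assess(version):
    """Classify one version string: patched / unpatched / unknown-branch / invalid."""
    try:
        parsed = parse_version(version)
    except ValueError:
        return "invalid"
    fixed = FIXED_BY_BRANCH.get(branch_of(parsed))
    if fixed is None:
        # Branch not covered by the advisory list: do not guess either way.
        return "unknown-branch"
    # Tuple comparison handles shorter strings like '12.5' (treated as older).
    return "patched" if parsed >= fixed else "unpatched"


def assess_inventory(lines):
    """Parse 'hostname,version' lines and return {hostname: status}."""
    results = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = assess(version)
    return results


# Constructed sample inventory; hostnames and versions are invented.
SAMPLE_INVENTORY = """\
# host,version
epmm-01.example.test,12.5.0.0
epmm-02.example.test,12.5.0.1
epmm-03.example.test,11.12.0.4
epmm-04.example.test,12.3.0.2
epmm-05.example.test,12.6.0.0
epmm-06.example.test,not-a-version
""".splitlines()


if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Feed it your own `hostname,version` export instead of `SAMPLE_INVENTORY`; anything reported as `unpatched` or `unknown-branch` deserves a manual look against the advisory before you trust the result.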
“The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or other Ivanti products,” the company explained further. “We urge all customers using the on-prem EPMM product to install the patch immediately.”
Ivanti’s EPMM software is a popular solution across industries, including healthcare, education, logistics, manufacturing and government. According to Shadowserver, there are currently hundreds of exposed instances, mostly in Germany (992), but also a considerable number in the United States (418).
Those who cannot apply the patch right now can implement workarounds. Ivanti said these users should follow its best-practice guidelines and restrict access to the API using the built-in Portal ACL functionality or an external WAF. More details about using the Portal ACL functionality can be found here.