Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jun 9, 2025

High
CISA KEV

CVE-2025-4427

IvantiEndpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

Required Action

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4427

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Unknown
Published
May 19, 2025
KEV Added
May 19, 2025
Due Date
Jun 9, 2025
Related Articles
0

Vendor

Ivanti

Endpoint Manager Mobile (EPMM)