Ivanti Fixes EPMM Security Flaws in Active Exploits

Ivanti has released critical security patches addressing two newly discovered vulnerabilities in its Endpoint Manager Mobile (EPMM) software that have been actively chained in attacks to achieve remote code execution. These vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, impact multiple versions of the on-premises EPMM platform and pose a significant risk to organizations still running outdated instances.

The first flaw, CVE-2025-4427 (CVSS score: 5.3), is an authentication bypass vulnerability that allows attackers to access protected resources without proper credentials. The second, more severe flaw, CVE-2025-4428 (CVSS score: 7.2), enables attackers to execute arbitrary code remotely on vulnerable systems — a serious threat that could result in full system compromise.

Ivanti confirmed that these vulnerabilities stem from two open-source libraries integrated into EPMM, though the company has not publicly disclosed which libraries are affected. So far, the vendor has identified only a limited number of customers impacted and stated that an investigation is ongoing. No specific indicators of compromise (IOCs) have been confirmed at this time.

The following product versions are affected:

  • 11.12.0.4 and prior (Fixed in 11.12.0.5)
  • 12.3.0.1 and prior (Fixed in 12.3.0.2)
  • 12.4.0.1 and prior (Fixed in 12.4.0.2)
  • 12.5.0.0 and prior (Fixed in 12.5.0.1)
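The version list above can be turned into an inventory check. The following is an added example, not code from Ivanti or from this article: it compares each version against the fixed build of its own release branch, so that a build such as 12.2.0.0 is not mistaken for patched merely because it is numerically above 11.12.0.5. The function names, hostnames and inventory rows are constructed for illustration, and versions newer than any listed branch are flagged for manual review because the list does not cover them.

```python
# Added example: triage EPMM versions against the fixed builds listed above.
# Fixed build per release branch (major, minor), taken from that list.
FIXED_BUILDS = {
    (11, 12): (11, 12, 0, 5),
    (12, 3): (12, 3, 0, 2),
    (12, 4): (12, 4, 0, 2),
    (12, 5): (12, 5, 0, 1),
}
NEWEST_FIXED = max(FIXED_BUILDS.values())


def parse_version(text):
    """Parse 'a.b.c.d' into a 4-tuple of ints, zero-padding short versions."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def assess(version_text):
    """Return (status, detail); status is 'patched', 'vulnerable' or 'review'."""
    try:
        version = parse_version(version_text)
    except ValueError as exc:
        return "review", str(exc)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is not None:
        # Listed branch: compare only against that branch's own fixed build.
        if version >= fixed:
            return "patched", "at or above " + ".".join(map(str, fixed))
        return "vulnerable", "upgrade to " + ".".join(map(str, fixed))
    if version > NEWEST_FIXED:
        # The list says nothing about later branches, so do not guess.
        return "review", "newer than any listed branch; check the advisory"
    # Older or in-between branch (e.g. 12.2.x) falls under "and prior".
    return "vulnerable", "no fix listed for this branch; move to a fixed branch"


def triage(inventory):
    """Map (host, version) pairs to (host, version, status, detail) rows."""
    return [(host, ver, *assess(ver)) for host, ver in inventory]


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    sample = [("mdm-01", "11.12.0.4"), ("mdm-02", "12.2.0.0"),
              ("mdm-03", "12.5.0.1"), ("mdm-04", "12.6.0.0")]
    for row in triage(sample):
        print("{:8} {:10} {:10} {}".format(*row))
```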

According to Ivanti, customers using built-in Portal ACLs or external web application firewalls (WAFs) to filter API access are at reduced risk. Importantly, these issues only affect the on-premises EPMM product and do not impact Ivanti Neurons for MDM (cloud-based), Ivanti Sentry, or any other Ivanti solutions.

Separate Critical Flaw Patched in Ivanti Neurons for ITSM

In a separate advisory, Ivanti also patched a critical authentication bypass vulnerability in on-premises versions of Neurons for ITSM. Tracked as CVE-2025-22462 with a CVSS score of 9.8, the flaw could allow remote unauthenticated attackers to gain full administrative control over affected systems. While the company states there is no evidence of exploitation in the wild, the severity warrants immediate patching.

CERT-EU has been credited with responsibly disclosing the EPMM vulnerabilities. Ivanti emphasized that fast action is essential given the rising volume of zero-day exploits targeting its platforms in recent years.

Organizations relying on Ivanti’s on-prem solutions are strongly urged to apply the patches without delay, especially given the trend of targeted attacks on vulnerable IT management tools.
