Ivanti Fixes Critical EPMM Vulnerabilities Exploited in Limited Attacks
Ivanti has issued security updates to address two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which have been exploited in limited attacks by threat actors. The company confirmed that the vulnerabilities were identified by CERT-EU and are tracked as CVE-2025-4427 and CVE-2025-4428.
The two vulnerabilities are described as follows:
CVE-2025-4427
This vulnerability is classified as medium severity, while the other, CVE-2025-4428, is classified as high severity. According to Ivanti's advisory, threat actors can chain these vulnerabilities together to achieve remote code execution without authentication.
CVE-2025-4428
Similarly, this vulnerability is also chained with CVE-2025-4427 to achieve unauthenticated remote code execution, as stated by Ivanti in their advisory.
Ivanti has released updates for Endpoint Manager Mobile (EPMM) that address one medium and one high severity vulnerability. When chained together, successful exploitation could lead to unauthenticated remote code execution. The company is aware of a very limited number of customers whose solution has been exploited at the time of disclosure.
Impacted Software Versions
The vulnerabilities have been addressed in versions 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1. Ivanti pointed out that these vulnerabilities affect two unnamed open-source libraries used in EPMM, but do not reside in its own code.
The company is still investigating the attacks; however, it does not have “reliable atomic indicators” at the time of this writing. If you are running affected software versions, we strongly recommend updating to a newer version as soon as possible.