Security News > 2025 > May > Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
2025-05-14 04:00
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials
News URL
https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html
Related news
- Ivanti fixes EPMM zero-days chained in code execution attacks (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans (source)
- Airplay-enabled devices open to attack via “AirBorne” vulnerabilities (source)
- Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) (source)
- Ivanti patches two zero-days under active attack as intel agency warns customers (source)