Security News > 2025 > May > Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
2025-05-22 12:07
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a
News URL
https://thehackernews.com/2025/05/chinese-hackers-exploit-ivanti-epmm.html
Related news
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)
- Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies (source)
- Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-4428 | Code Injection vulnerability in Ivanti Endpoint Manager Mobile 12.5.0.0 Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | 8.8 |
| 2025-05-13 | CVE-2025-4427 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Ivanti Endpoint Manager Mobile 12.5.0.0 An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | 7.5 |