CyberSecurity news
David Jones@gcp.cybersecuritydive.com
References:
- cert.europa.eu: 2025-018: Zero-Day Vulnerabilities in Ivanti EPMM
- BleepingComputer: Ivanti fixes EPMM zero-days chained in code execution attacks
- www.helpnetsecurity.com: Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)
- Tenable Blog: CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
- The DefendOps Diaries: Ivanti's Security Patch: Addressing Critical Vulnerabilities in EPMM
- Help Net Security: Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)
- The Hacker News: Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
- gbhackers.com: Ivanti Released Security Updates to Fix for the Multiple RCE Vulnerabilities – Patch Now
- arcticwolf.com: Ivanti Fixes Critical and Actively Exploited Vulnerabilities in May 2025 Update
- Arctic Wolf: On 13 May 2025, Ivanti released patches addressing multiple vulnerabilities across its products.
- The Register - Security: Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product. Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks.
- socradar.io: Ivanti Fixes Critical Vulnerabilities in May 2025 Update
- forums.ivanti.com: Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
- arcticwolf.com: On 13 May 2025, Ivanti released patches addressing multiple vulnerabilities across its products. The most severe issues include an unauthenticated remote code execution exploit chain affecting Ivanti Endpoint Manager Mobile (EPMM) and a critical authentication bypass vulnerability in Ivanti Neurons for IT Service Management (ITSM).
- Security Affairs: Ivanti fixed two EPMM flaws exploited in limited attacks
- thecyberexpress.com: Ivanti has released security patches to address two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which were being actively exploited in limited attacks. These vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, have the potential to allow attackers to execute remote code on vulnerable systems, posing a severe risk to organizations using the software.
- Arctic Wolf: Ivanti fixes critical and actively exploited vulnerabilities in May 2025 update
- watchTowr Labs: Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend -
- Rapid7 Cybersecurity Blog: Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
- Rescana: Ivanti EPMM CVE-2025-4427: Critical Remote Code Execution Vulnerability
- The GreyNoise Blog: Two critical Ivanti zero-days (CVE-2025-4427 and CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. When chained together, these vulnerabilities enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile systems.
- hackread.com: Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…
- infosec.exchange: Ivanti Endpoint Mobile Manager CVE-2025-4427 and CVE-2025-4428 Allow Remote Code Execution and being actively exploited in the wild - patch your systems now!
- GreyNoise: Two critical Ivanti zero-days (CVE-2025-4427 + CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month.
- cybersecuritynews.com: Ivanti Endpoint Mobile Manager RCE and authentication bypass
- thecyberexpress.com: Ivanti has released security patches to address two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which were being actively exploited in limited attacks.
- SOC Prime Blog: Following the disclosure of CVE-2025-31324, an unauthenticated file upload vulnerability in SAP NetWeaver enabling RCE, two more security flaws have surfaced in Ivanti Endpoint Manager Mobile (EPMM) software.
- www.cybersecuritydive.com: The company said additional CVEs may be necessary for flaws in related open-source libraries, but researchers are raising questions.
- Cyber Security News: Ivanti has disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) solution. When chained together, these vulnerabilities allow attackers to execute unauthenticated remote code.
- gbhackers.com: Security researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform.
- socprime.com: CVE-2025-4427 and CVE-2025-4428 Detection: Ivanti EPMM Exploit Chain Leading to RCE
- gbhackers.com: Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild
- bsky.app: Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities buff.ly/wxY7JzO
- gbhackers.com: CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
- research.kudelskisecurity.com: Ivanti EPMM Bugs Combine for Unauthenticated RCE in the Wild
- Wiz Blog | RSS feed: Wiz Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).
- research.kudelskisecurity.com: On March 13, Ivanti disclosed two vulnerabilities which affect their on-premise Endpoint Manager Mobile product: CVE-2025-4427 (an authentication bypass) and CVE-2025-4428 (an authenticated