Ivanti has released security patches to fix two critical vulnerabilities in its Endpoint Manager Mobile software, which have been actively exploited in limited attacks. These vulnerabilities could allow remote code execution, risking full system control for affected organizations.
Affected: Ivanti Endpoint Manager Mobile
Key points
- Two vulnerabilities in Ivanti Endpoint Manager Mobile can enable remote code execution.
- CVE-2025-4427 allows authentication bypass, while CVE-2025-4428 permits remote code execution.
- The flaws are present in versions 11.12.0.4 and earlier, as well as some 12.x releases.
- Ivanti has released patches in versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1 to address these issues.
- Organizations are advised to upgrade immediately or implement mitigation measures like API access controls or Web Application Firewalls.
Read More: https://thecyberexpress.com/patches-for-cve-2025-4427-and-cve-2025-4428/