CISA's Malware Analysis Report reveals a new hacking campaign exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities CVE-2025-4427 and CVE-2025-4428. The threat actors deployed custom malware for persistent access, targeting specific software versions and using innovative delivery methods. #CISA #IvantiEPMM #CVE20254427 #CVE20254428
Key points
- Cyber threat actors exploited newly patched vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti EPMM systems.
- The attackers used Java-based loaders and malicious listeners to inject remote code and maintain persistence.
- Malware was delivered via Base64-encoded fragments using HTTP GET requests, avoiding traditional detection methods.
- CISA provided IOCs, YARA rules, and SIGMA signatures to aid detection and incident response efforts.
- Organizations are advised to update Ivanti EPMM, enforce strict access controls, and implement advanced threat detection techniques.
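The delivery technique in the key points above (a payload split into Base64 fragments and carried in the query strings of ordinary HTTP GET requests) is one a web-server access log can surface. The script below is an added illustration written for this summary; it is not code from CISA's report or from the article, and it does not reproduce any indicator from them. It parses constructed Apache-style log lines, groups Base64-looking parameter values by client, path and parameter name, reassembles them in arrival order, and flags a source only when the decoded bytes begin with a known executable signature (Java class, ZIP/JAR, ELF or PE). The log format, the `/api/v2/status` path, the `p` parameter and the client addresses are assumptions for the example, not values from the page.

```python
"""Reassemble Base64 fragments delivered over HTTP GET and flag executable content.

Added example for this summary; not from CISA's MAR or the article. All paths,
parameter names and addresses below are constructed placeholders.
"""
import base64
import binascii
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Apache "combined" log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Values made only of Base64 alphabet characters (standard and URL-safe variants).
B64_RE = re.compile(r'^[A-Za-z0-9+/_-]+={0,2}$')

# Leading bytes of artifact types worth alerting on once a blob is reassembled.
MAGIC = {
    b"\xca\xfe\xba\xbe": "java-class",
    b"PK\x03\x04": "zip/jar",
    b"\x7fELF": "elf",
    b"MZ": "pe",
}


def parse_line(line):
    """Return client IP, URL path and decoded query parameters, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {"ip": m["ip"], "path": url.path,
            "params": parse_qsl(url.query, keep_blank_values=True)}


def collect_fragments(lines, min_len=8):
    """Group Base64-looking GET parameter values by (client, path, parameter), in arrival order."""
    frags = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"]:
            if len(value) >= min_len and B64_RE.match(value):
                frags[(rec["ip"], rec["path"], name)].append(value)
    return frags


def decode_lenient(text):
    """Decode standard or URL-safe Base64, repairing missing padding; None if invalid."""
    text = text.replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error:
        return None


def classify(blob):
    for magic, label in MAGIC.items():
        if blob.startswith(magic):
            return label
    return None


def detect(lines):
    """Reassemble each fragment stream and report those that decode to an executable artifact."""
    findings = []
    for (ip, path, param), parts in collect_fragments(lines).items():
        blob = decode_lenient("".join(parts))
        if blob is None:
            continue
        label = classify(blob)
        if label:
            findings.append({"source": ip, "path": path, "param": param,
                             "fragments": len(parts), "artifact": label, "size": len(blob)})
    return findings


# Constructed payload: a fake Java class file header plus filler, 47 bytes in total.
FAKE_CLASS = b"\xca\xfe\xba\xbe\x00\x00\x00\x34" + b"A" * 39
ENCODED = base64.urlsafe_b64encode(FAKE_CLASS).decode()


def build_sample_log(chunk=16):
    """Constructed access-log lines: four fragment requests from one client, plus benign traffic."""
    lines = []
    for i in range(0, len(ENCODED), chunk):
        frag = ENCODED[i:i + chunk]
        lines.append(f'203.0.113.7 - - [01/Jan/2025:10:00:{i:02d} +0000] '
                     f'"GET /api/v2/status?p={frag} HTTP/1.1" 200 12 "-" "curl/8.0"')
    # An ordinary Base64-looking session token that decodes to text, not an executable.
    lines.append('198.51.100.2 - - [01/Jan/2025:10:01:00 +0000] '
                 '"GET /login?token=c2Vzc2lvbi1pZC0xMjM0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    for f in detect(build_sample_log()):
        print(f)
```

The detector deliberately alerts on the decoded content rather than on the presence of Base64, because Base64-looking tokens are common in legitimate traffic; grouping by client, path and parameter keeps unrelated streams from being concatenated. A sender using the standard alphabet would have to percent-encode `+`, which `parse_qsl` restores, while a literal `+` in a query string is decoded as a space and would break reassembly; the sample uses URL-safe Base64 to keep the example unambiguous.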
Read More: https://thecyberexpress.com/cisa-mar-cve-2025-4427-28/