CISA revealed details of malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile, leading to unauthorized remote code execution. The threat actors used malicious loaders to maintain persistence, extract data, and manipulate server functions. #IvantiEPMM #CVE20254427 #CVE20254428 #MaliciousLoaders #RemoteCodeExecution
Key points
- Two malware sets were identified in an organization's network after threat actors exploited Ivanti EPMM vulnerabilities.
- The vulnerabilities CVE-2025-4427 and CVE-2025-4428 allowed authentication bypass and remote code execution.
- Threat actors gained access around May 15, 2025, using proof-of-concept exploits for these zero-day flaws.
- The malware involved Java-based loaders that intercept HTTP requests to decode and decrypt payloads for execution.
- Organizations are advised to update their systems, monitor activity, and restrict access to mobile management systems.
Read More: https://thehackernews.com/2025/09/cisa-warns-of-two-malware-strains.html