{"uuid": "eb5e29db-7ab8-4258-b8a3-16c37b9cbeb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)", "description": "Ivanti has released updates for Endpoint Manager Mobile (EPMM) which address one medium and one high severity vulnerability. When chained together, successful exploitation could lead to unauthenticated remote code execution.\n\nWe are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.\n\n| CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE |\n| --- | --- | --- | --- | --- |\n| CVE-2025-4427 | An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. | 5.3 (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CWE-288 |\n| CVE-2025-4428 | A remote code execution vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-94 |\n\nMitigation or Workaround\n\nCustomers can mitigate the threat by following best practice guidance of filtering access to the API using either the built-in Portal ACLs functionality or an external WAF. You can find additional information on using the Portal ACLs functionality HERE.\n\n- The risk to customers is significantly reduced if they already filter access to the API using either the built-in Portal ACLs functionality or an external WAF.\n- When reviewing or implementing additional API restrictions, please ensure you are using the \u201cAPI Connection\u201d type.\n- We do NOT recommend using the \u201cACLs\u201d functionality, as it blocks all access by network ranges, not just access to specific functionality.\n- While this is an effective mitigation, it could impact the functionality of your solution depending on your specific configurations. In particular, integrations where IPs are difficult to determine or change often will be impacted, such as:\n    - Windows Device Registrations using Autopilot\n    - Microsoft Device Compliance and Graph API integrations\n- Additionally, an RPM file can be provided if customers need an alternative option. Customers will need to open a Support Case to receive the RPM file. Here's a step-by-step guide to install the RPM file:\n    - Use SSH to connect to the instance and log in to the system CLI as the admin user. The admin account is created during system installation.\n    - Type `enable` and provide the corresponding system password (set during the system installation) to enter EXEC PRIVILEGED mode. You\u2019ll notice the command line prompt changes from `>` to `#`.\n    - Run the command `install rpm url https://hostname/pathtorpm` to download and install the RPM file.\n    - Once the RPM installation is complete, type `reload` to restart the system. This applies the update.\n\nThe RPM file has been tested on supported versions of EPMM (versions 12.3, 12.4 and 12.5). The RPM may work on older versions, but Ivanti has not tested the mitigation on unsupported versions. We strongly recommend customers move to a supported version of the product.\n\nRef: [https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US)", "creation_timestamp": "2025-05-14T06:25:44.226007+00:00", "timestamp": "2025-05-14T06:26:57.042250+00:00", "related_vulnerabilities": ["CVE-2025-4427", "CVE-2025-4428"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}
