Ivanti Endpoint Manager Mobile (EPMM) CVE-2025-4427 & CVE-2025-4428 — Threat Analysis Report
By CyberDudeBivash — Global Threat Intelligence & Practical Defense

Executive Summary

Two serious vulnerabilities (CVE-2025-4427 & CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM) have been added to CISA’s Known Exploited Vulnerabilities Catalog because of evidence that they are being used in active attacks.

CVE-2025-4427 is an authentication bypass that allows unauthenticated access to protected API resources.

CVE-2025-4428 is a remote code execution (RCE) flaw in an API component; it can be chained with CVE-2025-4427 to allow RCE without authentication.

Affected versions include Ivanti EPMM 11.12.0.4 and earlier, 12.3.0.1 and earlier, 12.4.0.1 and earlier, and 12.5.0.0 and earlier.

Ivanti released patches on May 13, 2025. Update to the fixed versions (11.12.0.5, 12.3.0.2, 12.4.0.2, 12.5.0.1) as soon as possible.

Technical Details & Attack Mechanics

Vulnerability Types & Causes

CVE-2025-4427 (Auth Bypass): Via insecure handling of certain API e...