Two vulnerabilities in Ivanti Endpoint Manager Mobile, CVE-2025-4427 and CVE-2025-4428, have been identified as critical threats actively exploited by attackers. These flaws, tied to authentication bypass and insecure error handling, allow for remote code execution without requiring user credentials. While Ivanti initially claimed only the on-premises version was affected, research by Wiz has uncovered active exploitation in cloud environments as well. This raises concerns about the seriousness of the vulnerabilities and the impact on systems that are accessible via the internet, challenging Ivanti's previous communications regarding the scope of the threat.
The recent vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) expose both on-premises and cloud environments to grave threats through critical authentication flaws.
Security company Wiz has reported that attackers are actively exploiting CVE-2025-4427 and CVE-2025-4428 in cloud environments, a finding that challenges Ivanti's previous claims.
The flaws allow attackers to execute malicious code without authentication, posing severe risks to systems. Certain routes appear to be left exposed by inadequate Spring Security configuration.
Research indicates that exploitation is not limited to a small number of customers and now extends to cloud environments, contradicting Ivanti's initial announcements.