Ivanti patches two 0-days and a critical make-me-admin bug
Briefly

Australia's intelligence agency, the ASD, has issued a warning regarding two linked Ivanti vulnerabilities (CVE-2025-4427 and CVE-2025-4428) that can lead to vicious remote code execution attacks. While the bugs seem minor individually, combined, they represent a threat to users of Ivanti Endpoint Manager Mobile (EPMM), particularly large organizations and government entities. Ivanti has communicated that there are few known exploits and encourages customers to implement protective measures, including contacting its support team for help in identifying possible compromises until a thorough investigation is complete.
"We are actively working with our security partners and the maintainers of the libraries to determine if a CVE against the libraries is warranted for the benefit of the broader security ecosystem."
"We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure," said Ivanti in its advisory.
If customers can't apply patches right away, they can mitigate the threat of chained attacks by filtering access to the API using either the Portal ACLs functionality or an external WAF.
The investigation is ongoing and Ivanti does not yet have relevant indicators of compromise to provide; it advises customers to contact support if they are concerned.
Read at The Register