CVE-2025-4427 - Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Project:Ivanti
Product:Endpoint Manager Mobile (EPMM)
Date Added:2025-05-19Due Date:2025-06-09
Vulnerability Name
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Description
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
https://nvd.nist.gov/vuln/detail/CVE-2025-4427
Related News Articles
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agenciesMay 22, 2025
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksMay 22, 2025