CVE-2025-4427 - Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

漏洞名称

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

描述

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

已知用于勒索软件活动吗？

Unknown

采集行动

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

其他说明

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

https://nvd.nist.gov/vuln/detail/CVE-2025-4427

相关新闻文章

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary EmailsDecember 17, 2025

CISA exposes malware kits deployed in Ivanti EPMM attacksSeptember 19, 2025

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428September 19, 2025

Ivanti EPMM flaw exploited by Chinese hackers to breach govt agenciesMay 22, 2025

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksMay 22, 2025