CISA Orders Federal Agencies to Patch Exploited Ivanti EPMM Zero-Day Vulnerability Within Four Days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a directive requiring federal agencies to patch a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within four days. The flaw, exploited as a zero-day in attacks, affects Ivanti's mobile device management software. No specific CVE ID, technical details, or affected versions were explicitly stated in the notice. The mandate applies to federal civilian executive branch agencies under CISA's authority. The vulnerability's exploitation in the wild prompted the urgent patching deadline. The directive aims to mitigate active threats targeting unpatched systems.