CVE-2025-4427
KEVIvanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
5.3
MediumPublished:
Last updated:
Source:3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- Low
- Integrity
- None
- Availability
- None
Description
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Exploits
524212025-08-26remoteMultiple
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
By İbrahimsql
References
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427