Ivanti announced on Tuesday that it has released patches for three security vulnerabilities across its products, including two actively exploited flaws in Endpoint Manager Mobile (EPMM).
The zero-day vulnerabilities, identified as CVE-2025-4427 with a CVSS score of 5.3 and CVE-2025-4428 with a CVSS score of 7.2, involve an authentication bypass and a remote code execution issue. These flaws affect two open-source libraries used in EPMM and allow a remote attacker with no prior authentication to execute arbitrary code.
Ivanti stated that it is working closely with the maintainers of the impacted libraries to understand the broader effect on open-source dependencies and to determine whether additional vulnerability identifiers should be assigned.
The company noted in its advisory that a very limited number of customers had been affected by these exploits at the time of disclosure.
According to Ivanti, the risk of exploitation is considerably lower when access to the API is restricted through the use of Access Control Lists (ACLs) within the portal or by using an external Web Application Firewall (WAF).
Security updates for the zero-day issues have been included in EPMM versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1. Ivanti strongly advises all customers using the on-premises version of EPMM to apply the updates without delay.
The company emphasized that it has increased the availability of support resources to help customers apply the patches and resolve any related concerns. Further details can be found in Ivanti’s official Security Advisory to help users protect their systems.
In addition to the EPMM patches, Ivanti also addressed three other vulnerabilities in its Neurons for ITSM, Cloud Security Application (CSA), and Ivanti Neurons for MDM (N-MDM) products. These flaws are not known to be under active exploitation.
The most severe among them, CVE-2025-22462 with a CVSS score of 9.8, affects on-premises installations of Neurons for ITSM and involves an authentication bypass that could allow remote attackers to gain administrative access.
Ivanti also patched CVE-2025-22460, a high-severity issue in CSA involving default credentials that could enable a local attacker to escalate their privileges. Lastly, a medium-severity authorization flaw in N-MDM, which does not have an assigned CVE number, was fixed. This vulnerability could allow unauthenticated remote attackers to manipulate resources improperly.