Sunday, 27 Jul 2025
  • About us
  • Contact
  • History
  • My Interests
  • Privacy Policy
Nexpressdaily.com
  • Home
  • Politics
  • Finance
  • Health
  • Technology
  • Travel
  • World
  • 🔥
  • Technology
  • World
  • Finance
  • Politics
  • Travel
  • Health
Font ResizerAa
Nexpressdaily.comNexpressdaily.com
  • My Saves
  • My Interests
  • My Feed
  • History
  • Travel
  • Finance
  • Politics
  • Health
  • Technology
  • World
Search
  • Pages
    • Home
    • Blog Index
    • Contact Us
    • Search Page
    • 404 Page
  • Personalized
    • My Feed
    • My Saves
    • My Interests
    • History
  • Categories
    • Finance
    • Politics
    • Technology
    • Travel
    • Health
    • World
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Technology

Ivanti patches two zero-days that could lead to RCE in Endpoint Manager Mobile

Nexpressdaily
Last updated: May 14, 2025 12:03 pm
Nexpressdaily
Share
SHARE


  • Ivanti patched two flaws being chained to mount RCE attacks
  • A “limited number” of companies were allegedly compromised
  • Only on-prem products are affected

Ivanti has released a patch for two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, that’s allegedly being chained in remote code execution (RCE) attacks in the wild.

The vulnerabilities are tracked as CVE-2025-4427, and CVE-2025-4428. The former is an authentication bypass in EPMM’s API, allowing threat actors to access protected resources. It was assigned a medium-severity score of 5.3.

The latter is an RCE vulnerability exploited through maliciously crafted API requests. This one was given a high severity score (7.2/10).


You may like

Ivanti says it’s seen it abused in attacks: “When chained together, successful exploitation could lead to unauthenticated remote code execution,” the company said in a security advisory. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.”

To address the issue, users should install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.

“The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products,” the company further explained. “We urge all customers using the on-prem EPMM product to promptly install the patch.”

Ivanti’s EPMM software is a popular solution across different industries, including healthcare, education, logistics, manufacturing, and government. According to The Shadowserver, there are hundreds of exposed instances at the moment, mostly in Germany (992), but with a significant number in the United States (418), as well.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Those that cannot apply the patch at this time can implement different workarounds. Ivanti said these users should follow best practice guidance or filtering access to the API using either the built-in Portal ACL’s functionality, or an external WAF. More details on using the portal’s ACL functionality can be found here.

Via BleepingComputer

You might also like

Share This Article
Email Copy Link Print
Previous Article What, exactly, are Alberta separatists mad about?
Next Article US-China Tariff Truce Triggers Transpacific Rush—But Uncertainty Lingers

Your Trusted Source for Accurate and Timely Updates!

Our commitment to accuracy, impartiality, and delivering breaking news as it happens has earned us the trust of a vast audience. Stay ahead with real-time updates on the latest events, trends.
FacebookLike
XFollow
InstagramFollow
LinkedInFollow
MediumFollow
QuoraFollow
- Advertisement -
Ad imageAd image

Popular Posts

Gwyneth Paltrow tackles Astronomer’s most common questions as ‘very temporary’ spokesperson — ‘OMG! What the actual f’

Astronomer showed it also has a sense of humor after its CEO and HR chief…

By Nexpressdaily

The Best Growth Stocks I’d Buy Right Now

With the "Magnificent Seven" (and their close peers) not performing so magnificently anymore, it's time…

By Nexpressdaily

Washington’s Besieged Journalists Raise a Glass, Darkly

Usually, the White House Correspondents’ Association dinner features Hollywood stars, a zinger-filled comedy set and…

By Nexpressdaily

You Might Also Like

Technology

Samsung Teases Ultra-Grade Foldable Phone With a ‘Powerful Camera,’ AI Tools

By Nexpressdaily
Technology

Goldman Sachs CTO Marco Argenti says the bank is “going to start augmenting our workforce with Devin”, Cognition’s AI coding assistant, as Wall Street adopts AI (Hugh Son/CNBC)

By Nexpressdaily
Technology

How artists are responding to AI

By Nexpressdaily
Technology

A.I. Was Coming for Radiologists’ Jobs. So Far, They’re Just More Efficient.

By Nexpressdaily
Nexpressdaily.com
Facebook Twitter Youtube Rss Medium

About US

NexpressDaily.com is a leading digital news platform committed to delivering timely, accurate, and unbiased news from around the world. From politics and business to technology, sports, health, and entertainment – we cover the stories that matter most. Stay connected with real-time updates, expert insights, and trusted journalism, all in one place.

Top Categories
  • World
  • Finance
  • Politics
  • Tech
  • Health
  • Travel
Usefull Links
  • About us
  • Contact
  • History
  • My Interests
  • Privacy Policy

© Nexpressdaily. All Rights Reserved.

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?