Ivanti on Tuesday announced patches for three vulnerabilities in its products, including two Endpoint Manager Mobile (EPMM) bugs that have been chained in the wild.
The exploited zero-day flaws, tracked as CVE-2025-4427 (CVSS score of 5.3) and CVE-2025-4428 (CVSS score of 7.2), are described as an authentication bypass issue and a remote code execution (RCE) defect impacting two open source libraries integrated into EPMM. They allow a remote, unauthenticated attacker to execute arbitrary code.
The company says it is working with the maintainers of the affected libraries to assess the impact on the open source dependencies and whether additional CVEs should be assigned.
“We’re aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” Ivanti notes in its advisory.
The risk of compromise, the company says, is significantly reduced if access to the API is filtered using the ACL functionality in the portal or an external WAF.
Patches for the zero-days have been included in EPMM versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1. All users of Ivanti’s on-prem EPMM product are urged to promptly install the patch.
“We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Detailed information is available in our Security Advisory so that customers can protect their environment,” Ivanti said.
Additionally, the company released fixes for three bugs in Neurons for ITSM, Cloud Services Application (CSA), and Ivanti Neurons for MDM (N-MDM). None of these appears to be exploited in attacks, the company says.
The fix for Neurons for ITSM (on-premise only) resolves CVE-2025-22462 (CVSS score of 9.8), a critical-severity authentication bypass flaw that could allow a remote attacker to obtain administrative privileges.
Ivanti also patched CVE-2025-22460, a high-severity default credentials issue in CSA that could allow a local attacker to elevate their privileges, and a medium-severity improper authorization defect in N-MDM (with no CVE identifier assigned) that could allow remote, unauthenticated attackers to tamper with resources.