Iuti is liberated Safety updates to solve two deficiencies in the Endpoint Manager Mabil (EPMM) software that was assembled in the attack to get deleted code.
The vulnerabilities in question are below –
- Cve-2025-4427 (CVSS Assessment: 5.3) – Authy Authentication in Mobile Endpoint Manager Ivanti allows attackers to access protected resources without proper powers
- Cve-2025-4428 (CVSS assessment: 7.2) – Vulnerability of the remote code under IVANnti Endpoint Manager Mobile allows the attackers to perform an arbitrary code in the target system
Disadvantages affect the following versions of the product –
- 11.12.0.4 and previous (recorded at 11.12.0.5)
- 12.3.0.1 and previous (recorded in 12.3.0.2)
- 12.4.0.1 and previous (recorded in 12.4.0.2)
- 12.5.0.0 and previous (recorded in 12.5.0.1)
Ivanti who attributed to Cert-Eu for the report on the issues – Note This “knows about a very limited number of customers who were used at the time of disclosure” and that vulnerability is related to two open source libraries integrated into EPMM. “
The company, however, did not reveal the names of the affected libraries. It is also unknown what other software applications that rely on two libraries can affect. In addition, the company stated that it was still investigating and that it has no reliable indicators of compromise related to malicious activity.
“The risk to customers is significantly reduced when they are already filtered access to API by using either the ACLS portal functionality or the external web applications,” Ivani said.
“The problem only affects the EPMM product. It is not present in Ivanti neurons for MDM, regional” Ivanant “, Ivanti Sentry or any other IVANANTI products.”
Separately, in Ivanta also have Starting patches To contain a lack of authentication in the object versions of the neurons for ITSM (CVE-2025-22462, CVSS: 9.8), which can allow distant non-communal attackers to gain administrative access to the system. There is no evidence that security defect was used in the wild.
With zero days in the IVANnti device becomes Lightning core for the threatening subjects In recent years, it is very important that users have moved fast to update their instances to the latest versions for optimal protection.
