CVE-2025-4427

Medium KEV CVSS: 5.3

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Vendor

Ivanti

Product

Endpoint Manager Mobile

CWE

CWE-288

Yayın Tarihi

2025-05-13 16:15:32

Güncelleme

2025-10-24 13:55:27

Source Identifier

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

KEV Date Added

2025-05-19

Kategoriler

CWE-288 Endpoint Manager Mobile MEDIUM Ivanti 2025

Referanslar

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427

Benzer Kayıtlar

High

CVE-2026-3483

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate thei…

Medium

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrar…

High

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to…

Critical

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Critical

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

High

CVE-2025-13661

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write…