CVE-2025-4428

High KEV CVSS: 7.2

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

Vendor

Ivanti

Product

Endpoint Manager Mobile

CWE

CWE-94

Yayın Tarihi

2025-05-13 16:15:32

Güncelleme

2025-10-24 13:55:22

Source Identifier

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

KEV Date Added

2025-05-19

Kategoriler

CWE-94 Endpoint Manager Mobile HIGH Ivanti 2025

Referanslar

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4428

Benzer Kayıtlar

High

CVE-2026-3483

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate thei…

Medium

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrar…

High

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to…

Critical

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Critical

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

High

CVE-2025-13661

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write…