← Zuruck zu CVEs
CVE-2025-4427
MEDIUMCISA KEV5.3
Beschreibung
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/13/2025
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerIvanti
ProduktEndpoint Manager Mobile (EPMM)
SchwachstellennameIvanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
KEV Aufnahmedatum2025-05-19
Behebungsfrist2025-06-09
Ransomware-NutzungUnknown
Betroffene Produkte
ivanti:endpoint_manager_mobile
Schwachen (CWE)
CWE-288
Referenzen
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.