← Back to CVEs
CVE-2025-4427
MEDIUMCISA KEV5.3
Description
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/13/2025
Last Modified10/24/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorIvanti
ProductEndpoint Manager Mobile (EPMM)
Vulnerability NameIvanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
KEV Date Added2025-05-19
Remediation Due Date2025-06-09
Ransomware UseUnknown
Affected Products
ivanti:endpoint_manager_mobile
Weaknesses (CWE)
CWE-288
References
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.