← Back to CVEs
CVE-2025-4428
HIGHCISA KEV7.2
Description
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published5/13/2025
Last Modified10/24/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorIvanti
ProductEndpoint Manager Mobile (EPMM)
Vulnerability NameIvanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
KEV Date Added2025-05-19
Remediation Due Date2025-06-09
Ransomware UseUnknown
Affected Products
ivanti:endpoint_manager_mobile
Weaknesses (CWE)
CWE-94
References
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4428(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.