← Retour aux CVEs
CVE-2025-4427
MEDIUMCISA KEV5.3
Description
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Details CVE
Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie5/13/2025
Derniere modification10/24/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurIvanti
ProduitEndpoint Manager Mobile (EPMM)
Nom vulnerabiliteIvanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Date ajout KEV2025-05-19
Date limite remediation2025-06-09
Utilise dans ransomwareUnknown
Produits affectes
ivanti:endpoint_manager_mobile
Faiblesses (CWE)
CWE-288
References
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.