← Voltar para CVEs
CVE-2025-4427
MEDIUMCISA KEV5.3
Descricao
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/13/2025
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorIvanti
ProdutoEndpoint Manager Mobile (EPMM)
Nome da vulnerabilidadeIvanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Data inclusao KEV2025-05-19
Prazo de remediacao2025-06-09
Uso em ransomwareUnknown
Produtos afetados
ivanti:endpoint_manager_mobile
Fraquezas (CWE)
CWE-288
Referencias
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.