CVE-2025-10242
Published 2025-10-14
CVE-2025-10242: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin…
Priority P2 · 64 · high · CVSS 3.1: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 21.11% (97.3th percentile)
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 12.4.0.4 | 12.4.0.4 |
| ivanti | endpoint_manager_mobile | >= 12.5.0.0 < 12.5.0.4 | 12.5.0.4 |
| ivanti | endpoint_manager_mobile | >= 12.6.0.0 < 12.6.0.2 | 12.6.0.2 |
Detection & IOCs (extracted from sources)
- Target is the Ivanti EPMM admin panel; monitor for OS command injection patterns in admin panel HTTP requests (e.g., shell metacharacters in parameters)
- Requires remote authenticated attacker with admin privileges; alert on unexpected admin-level API or panel activity, especially commands or payloads containing shell metacharacters from unusual source IPs
- Vulnerability affects Ivanti EPMM versions prior to 12.6.0.2, 12.5.0.4, and 12.4.0.4; ensure patched versions are confirmed before trusting admin panel integrity
- Exploitation requires admin credentials; detection strategies should account for the possibility of compromised admin accounts being used as the initial access vector
Ivanti
Ivanti Security Advisory: CVE-2025-10242
vendor_ivanti·2025-10-14·CVSS 7.2
CVE IDs: CVE-2025-10242
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-78
GHSA
GHSA-h25p-jr6x-hjrr: OS command injection in the admin panel of Ivanti EPMM before version 12
ghsa_unreviewed·2025-10-14
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-10-14