CVE-2025-10243
published 2025-10-14CVE-2025-10243: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin…
PriorityP264high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
21.11%
97.3th percentile
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 12.4.0.4 | 12.4.0.4 |
| ivanti | endpoint_manager_mobile | >= 12.5.0.0 < 12.5.0.4 | 12.5.0.4 |
| ivanti | endpoint_manager_mobile | >= 12.6.0.0 < 12.6.0.2 | 12.6.0.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability class is OS command injection (CWE-78) in the Ivanti EPMM admin panel — monitor for anomalous OS command execution originating from the EPMM admin interface process ↗
- →Exploitation requires an authenticated session with admin privileges — alert on unexpected admin-level API calls or admin panel interactions followed by child process spawning from the EPMM service ↗
- ·Affected versions are Ivanti EPMM before 12.6.0.2, 12.5.0.4, and 12.4.0.4 — verify deployed version against these thresholds to confirm exposure ↗
- ·Attack vector is network-based but requires admin authentication — reducing or auditing admin panel exposure and enforcing MFA on admin accounts limits the exploitable attack surface ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2025-10243
vendor_ivanti·2025-10-14·CVSS 7.2
CVE-2025-10243 [HIGH] CWE-78 Ivanti Security Advisory: CVE-2025-10243
Ivanti Security Advisory: CVE-2025-10243
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE IDs: CVE-2025-10243
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-78
GHSA
GHSA-jwmr-jj8m-x45w: OS command injection in the admin panel of Ivanti EPMM before version 12
ghsa_unreviewed·2025-10-14
CVE-2025-10243 [HIGH] CWE-78 GHSA-jwmr-jj8m-x45w: OS command injection in the admin panel of Ivanti EPMM before version 12
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1281 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-1281 [HIGH] CVE-2026-1281 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1281 :
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Source : NVD
## 9.8
Score
Published January 29, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
Ivanti Endpoint Manager Mobile
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 98.7
Exploitation Probability (EPSS) 71.8
Affected packages and libraries
cpe:2.3:a:ivanti:endpoint_manager_mobile
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 30, 2026
Linux Severity CRITICAL Has Fix Added at: Feb 02, 2026
## Get a CVE risk assessm
Wiz
CVE-2026-1340 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-1340 [HIGH] CVE-2026-1340 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1340 :
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Source : NVD
## 9.8
Score
Published January 29, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
Ivanti Endpoint Manager Mobile
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 98.6
Exploitation Probability (EPSS) 67.7
Affected packages and libraries
cpe:2.3:a:ivanti:endpoint_manager_mobile
Sources
Linux Severity CRITICAL Has Fix Added at: Feb 17, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you
2025-10-14
Published