CVE-2025-10985
published 2025-10-14CVE-2025-10985: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin…
PriorityP264high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
21.11%
97.3th percentile
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 12.4.0.4 | 12.4.0.4 |
| ivanti | endpoint_manager_mobile | >= 12.5.0.0 < 12.5.0.4 | 12.5.0.4 |
| ivanti | endpoint_manager_mobile | >= 12.6.0.0 < 12.6.0.2 | 12.6.0.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability class is OS command injection (CWE-78) in the Ivanti EPMM admin panel; monitor for anomalous OS command execution originating from the EPMM admin interface process ↗
- →Restrict and audit admin panel access to Ivanti EPMM; alert on authenticated admin sessions performing unexpected shell/command execution ↗
- ·Vulnerability affects Ivanti EPMM versions prior to 12.6.0.2, 12.5.0.4, and 12.4.0.4; ensure patched versions are deployed to remediate ↗
- ·Exploitation requires remote authenticated attacker with admin privileges; enforce least-privilege and MFA on admin accounts to reduce attack surface ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2025-10985
vendor_ivanti·2025-10-14·CVSS 7.2
CVE-2025-10985 [HIGH] CWE-78 Ivanti Security Advisory: CVE-2025-10985
Ivanti Security Advisory: CVE-2025-10985
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE IDs: CVE-2025-10985
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-78
GHSA
GHSA-v8pq-c937-5mwc: OS command injection in the admin panel of Ivanti EPMM before version 12
ghsa_unreviewed·2025-10-14
CVE-2025-10985 [HIGH] CWE-78 GHSA-v8pq-c937-5mwc: OS command injection in the admin panel of Ivanti EPMM before version 12
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1281 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-1281 [HIGH] CVE-2026-1281 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1281 :
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Source : NVD
## 9.8
Score
Published January 29, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
Ivanti Endpoint Manager Mobile
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 98.7
Exploitation Probability (EPSS) 71.8
Affected packages and libraries
cpe:2.3:a:ivanti:endpoint_manager_mobile
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 30, 2026
Linux Severity CRITICAL Has Fix Added at: Feb 02, 2026
## Get a CVE risk assessm
Wiz
CVE-2026-1340 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-1340 [HIGH] CVE-2026-1340 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1340 :
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Source : NVD
## 9.8
Score
Published January 29, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
Ivanti Endpoint Manager Mobile
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 98.6
Exploitation Probability (EPSS) 67.7
Affected packages and libraries
cpe:2.3:a:ivanti:endpoint_manager_mobile
Sources
Linux Severity CRITICAL Has Fix Added at: Feb 17, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you
2025-10-14
Published