CVE-2025-4427
published 2025-05-13

Priority: P1 · 96 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability, due 2025-06-09
Exploited in the wild
EPSS: 99.59% (99.9th percentile)

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Affected

4 ranges
Vendor   Product                   Version range             Fixed in
ivanti   endpoint_manager_mobile   < 11.12.0.5               11.12.0.5
ivanti   endpoint_manager_mobile
ivanti   endpoint_manager_mobile   >= 12.3.0.0 < 12.3.0.2    12.3.0.2
ivanti   endpoint_manager_mobile   >= 12.4.0.0 < 12.4.0.2    12.4.0.2

Detection & IOCs (extracted from sources)

  • CVE-2025-4427 affects Ivanti Endpoint Manager Mobile (EPMM) and has been exploited in the wild in limited attacks, chained with CVE-2025-4428 for remote code execution
  • The provided source documents do not contain the actual CVE-2025-4427/CVE-2025-4428 blog post content — only sidebar/related-article teasers referencing it. No technical IOCs, exploit paths, affected versions, or detection signatures for CVE-2025-4427 are present in the supplied documents.

CVSS provenance

nvd         v3.1   7.5   HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck          9.8   CRITICAL
cisa               7.5   HIGH