CVE-2025-4428: Code Injection in Ivanti
Published 2025-05-13


Priority: P1 (97, high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Tags: KEV, ITW, Exploit, Initial access
CISA Known Exploited Vulnerability (remediation due 2025-06-09)
Exploited in the wild
EPSS: 87.53% (99.7th percentile)
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

Affected (7 ranges)

Vendor  | Product                      | Version range            | Fixed in
debian  | libhibernate-validator-java  | -                        | -
debian  | libhibernate-validator4-java | -                        | -
ivanti  | endpoint_manager_mobile      | < 11.12.0.5              | 11.12.0.5
ivanti  | endpoint_manager_mobile      | -                        | -
ivanti  | endpoint_manager_mobile      | >= 12.3.0.0, < 12.3.0.2  | 12.3.0.2
ivanti  | endpoint_manager_mobile      | >= 12.4.0.0, < 12.4.0.2  | 12.4.0.2
redhat  | hibernate_validator          | < 6.2.0                  | 6.2.0

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa          | -       | 8.8   | HIGH     | -
osv           | -       | 8.8   | HIGH     | -
vulncheck     | -       | 9.8   | CRITICAL | -
cisa          | -       | 6.9   | MEDIUM   | -
vendor_debian | -       | 7.9   | HIGH     | -
vendor_redhat | -       | 7.9   | HIGH     | -
