cbcvebase.
CVE-2025-6770
published 2025-07-08

CVE-2025-6770: OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve…

PriorityP261high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
12.31%
95.7th percentile
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution

Affected

3 ranges
VendorProductVersion rangeFixed in
ivantiendpoint_manager_mobile< 12.3.0.312.3.0.3
ivantiendpoint_manager_mobile>= 12.4.0.0 < 12.4.0.312.4.0.3
ivantiendpoint_manager_mobile>= 12.5.0.0 < 12.5.0.212.5.0.2

Detection & IOCsextracted from sources · hover to see the quote

  • Target product is Ivanti Endpoint Manager Mobile (EPMM) versions before 12.5.0.2; detect exploitation attempts via OS command injection in authenticated high-privilege sessions against EPMM endpoints
  • ·Exploitation requires remote authentication with high privileges (not unauthenticated); scope is limited to privileged attacker sessions
  • ·Vulnerability class is OS command injection (CWE-78) with a CVSS Base Score of 7.2 (HIGH); patched in EPMM version 12.5.0.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.