Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Background
On May 13, Ivanti released a security advisory to address a high severity remote code execution (RCE) and a medium severity authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM) product, a mobile management software that can be used for mobile device management (MDM), mobile application management (MAM) and mobile content management (MCM).

| CVE | Description | CVSSv3 |
|---|---|---|
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | 5.3 |
| CVE-2025-4428 | Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerability | 7.2 |

Analysis
CVE-2025-4427 is an authentication bypass vulnerability in Ivanti’s EPMM. An unauthenticated, remote attacker could exploit this vulnerability to gain access to the server’s application programming interface (API) that is normally only accessible to authenticated users.
CVE-2025-4428 is an RCE vulnerability in Ivanti’s EPMM. An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable device.
An attacker that successfully exploits these flaws could chain them together to execute arbitrary code on a vulnerable device without authentication. Both vulnerabilities are associated with open source libraries used by the EPMM software. Ivanti has indicated that these vulnerabilities have been exploited in the wild in a limited number of cases.
Customers that restrict API access via the Portal ACLs functionality or an external WAF have reduced exposure to these vulnerabilities.
Ivanti has credited the CERT-EU with reporting these vulnerabilities.
Proof of concept
At the time this blog post was published, there was no public proof-of-concept available for CVE-2025-4427 or CVE-2025-4428.
Solution
The following table details the affected and fixed versions of Ivanti EPMM for both CVE-2025-4427 and CVE-2025-4428:

| Affected Version | Fixed Version |
|---|---|
| 11.12.0.4 and prior | 11.12.0.5 |
| 12.3.0.1 and prior | 12.3.0.2 |
| 12.4.0.1 and prior | 12.4.0.2 |
| 12.5.0.0 and prior | 12.5.0.1 |

Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2025-4427 and CVE-2025-4428 as they’re released. This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
Additionally, customers can utilize Tenable Attack Surface Management to identify public facing assets running Ivanti EPMM by using the following filters:
Get more information
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution appeared first on Security Boulevard.
The company plans to add its Advanced Protection program on devices, and will use AI to detect and stop scams.
The post Google adds suite of security features to Android 16 appeared first on CyberScoop.
Are You Maximizing the Potential of Your IAM Strategies?
Effective data management requires a nuanced understanding of advanced Identity and Access Management (IAM) strategies. With cyber threats evolving at a rapid pace, an organization’s cybersecurity fortification needs to keep pace. As a crucial component of successful cybersecurity, IAM strategies are essential for controlling who […]
The post Feel Supported by Advanced IAM Strategies appeared first on Entro.
The post Feel Supported by Advanced IAM Strategies appeared first on Security Boulevard.
Is Your Secrets Management Strategy Straining Your Budget?
Organizations are on the lookout for budget-friendly secrets management solutions that provide robust security without causing financial strain. I believe that a comprehensive Non-Human Identities (NHIs) management approach could be the answer.
Understanding NHIs and the Need for Budget-Friendly Security Management
Non-Human Identities (NHIs) are the machine […]
The post Secrets Management That Fits Your Budget appeared first on Entro.
The post Secrets Management That Fits Your Budget appeared first on Security Boulevard.
Why is the Strategic Management of NHIs Essential?
How do we ensure that our cybersecurity measures keep pace? Non-Human Identities (NHIs) present a unique challenge, as they require a different approach to securing their secrets. This task can be complex. However, with a well-rounded approach, it is possible to effectively manage NHIs, reduce the risk […]
The post NHIs Solutions Tailored to Handle Your Needs appeared first on Entro.
The post NHIs Solutions Tailored to Handle Your Needs appeared first on Security Boulevard.
How Does Proactive Non-Human Identity Management Keep You Ahead?
Cybersecurity, for years, has been placing humans at the center of the identity universe. But have you considered the indispensable role of Non-Human Identities (NHIs) in your organization’s security matrix? By applying proactive NHI management, you can not only mitigate risks but also enhance efficiency, thereby […]
The post Stay Ahead with Proactive Non-Human Identity Management appeared first on Entro.
The post Stay Ahead with Proactive Non-Human Identity Management appeared first on Security Boulevard.
The register of copyrights cast serious doubt on whether AI companies could legally train their models on copyrighted material. The White House fired her the next day.
The post Copyright office criticizes AI ‘fair use’ before director’s dismissal appeared first on CyberScoop.
Microsoft has rolled out Windows 11 Insider Preview Build 26200.5600 (KB5058493) to the Dev Channel, bringing a host of new features, improvements, and fixes for Windows Insiders. Announced by Amanda Langowski and Brandon LeBlanc, this update introduces enhanced Copilot+ PC experiences, refined system functionalities, and support for enterprise users, while addressing several bugs from previous […]
The post Microsoft Windows 11 Insider Preview Build 26200.5600 Released appeared first on Cyber Security News.
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities.
The zero-days and the publicly disclosed flaws
Among the zero-days patched is a memory corruption vulnerability in the Windows scripting engine (CVE-2025-30397) that is being exploited to remotely execute malicious code. “The user would have to click on a specially crafted URL to be compromised by the attacker,” …
The post Patch Tuesday: Microsoft fixes 5 actively exploited zero-days appeared first on Help Net Security.