Threat Pulse Cyber threat intelligence · Manera Fintech
← back to catalog

CVE-2025-4427

Ivanti / Endpoint Manager Mobile (EPMM)

Added 2025-05-19 Due 2025-06-09

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4427

Metadata

Added to KEV2025-05-19
Remediation due2025-06-09
Ransomware useUnknown
CWEsCWE-288
Ingested2026-04-24 15:03:13

Cross-mesh regulatory overlay LexiWorld · RegulatoryRadar

If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.