Ivanti has rolled out urgent fixes for two serious flaws in its Endpoint Manager Mobile (EPMM) system. These Ivanti EPMM zero-days were used in active attacks, putting customer systems at risk of remote control.
The bugs, CVE-2025-4427 and CVE-2025-4428, come from open-source libraries inside EPMM. One lets attackers bypass login checks, and the other allows remote code execution. Used together, they let hackers break in without needing any credentials.
Ivanti says only a small number of customers were affected so far. Even so, the company urges all users to act fast. Blocking API access using ACLs or a web application firewall (WAF) can help. Still, applying the latest patch is the most effective way to stay safe.
Fixes are now available in these versions:
- EPMM 11.12.0.5
- EPMM 12.3.0.2
- EPMM 12.4.0.2
- EPMM 12.5.0.1
The company is also working with the teams behind the open-source code to see if more flaws exist. More CVEs may follow after a deeper review.
To help customers, Ivanti has boosted its support staff and shared clear patch instructions. You’ll find full steps in the latest Ivanti Security Advisory.
Ivanti also patched three other issues:
- In Neurons for ITSM, a bug (CVE-2025-22462) let attackers gain admin rights remotely. This critical flaw scored 9.8.
- In Cloud Security Application (CSA), CVE-2025-22460 exposed hardcoded login details that could be abused locally.
- In Neurons for MDM (N-MDM), another bug (no CVE assigned yet) let unauthenticated users mess with key resources.
None of these three flaws have been seen in attacks yet. However, Ivanti recommends applying the fixes now to lock down any weak spots.
