CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)
Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and CVE-2025-4428, the vulnerabilities are being exploited in the wild. The advisory states, “When chained together, successful exploitation could lead to unauthenticated remote code execution.” CISA added the CVEs to its Known Exploited Vulnerabilities Catalog and …
Tag: Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35082)
Stephen Fewer from Rapid7 has discovered a vulnerability in Ivanti EPMM. The vulnerability was found when the researchers were investigating another zero-day vulnerability, CVE-2023-35078. Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to access the API and user information. CVE-2023-35082 has been given a critical severity rating with a CVSS score of 10. …
Ivanti Endpoint Manager Mobile (EPMM) Remote Arbitrary File Write Vulnerability (CVE-2023-35081)
Ivanti EPMM, formerly MobileIron Core, is facing another zero-day vulnerability, CVE-2023-35081. Successful exploitation of the vulnerability will allow an authenticated administrator to perform arbitrary file writes to the EPMM server. Arbitrary file write (AFW) is a type of vulnerability that can allow attackers to escalate their privileges and even achieve remote code execution (RCE) on …
Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35078)
A zero-day authentication bypass vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM). CVE-2023-35078 has been given a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow unauthorized users to access restricted functionality or resources of the application. CISA has added the publicly exploited CVE-2023-35078 to its Known …