Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4427

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Published

2025-05-13T16:15:32.330

Last Modified

2025-05-21T18:45:49.493

Status

Analyzed

Source

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-288

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	endpoint_manager_mobile	< 11.12.0.5	Yes
Application	ivanti	endpoint_manager_mobile	< 12.3.0.2	Yes
Application	ivanti	endpoint_manager_mobile	< 12.4.0.2	Yes
Application	ivanti	endpoint_manager_mobile	12.5.0.0	Yes

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM Vendor Advisory (3c1d8aa1-5a33-4ea4-8992-aadd6440af75)