CERT-EU

2 exploits Active since May 2025
CVE-2025-4427 METASPLOIT MEDIUM ruby WORKING POC
Ivanti Endpoint Manager Mobile <= 12.5.0.0 - Unauthenticated Authentication Bypass via API
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS 5.3
CVE-2025-4428 METASPLOIT HIGH ruby WORKING POC
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS 7.2