Sonny Macdonald

3 exploits Active since May 2025
CVE-2025-4427 METASPLOIT MEDIUM ruby WORKING POC
Ivanti Endpoint Manager Mobile <= 12.5.0.0 - Unauthenticated Authentication Bypass via API
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS 5.3
CVE-2025-4428 METASPLOIT HIGH ruby WORKING POC
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS 7.2
CVE-2025-57791 METASPLOIT MEDIUM ruby WORKING POC
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
CVSS 6.5