CVE-2025-4427

MEDIUM KEV NUCLEI

Ivanti Endpoint Manager Mobile < 11.12.0.5 - Authentication Bypass

Title source: rule

Description

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Exploits (4)

exploitdb WORKING POC

by İbrahimsql · pythonremotemultiple

https://www.exploit-db.com/exploits/52421

View Code ZIP pw:eip

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/IvantiEndpointManagerMobile-CVE-2025-4427-RCE.py

View Code ZIP pw:eip

nomisec SCANNER 11 stars

by watchtowrlabs · remote

https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428

View Code ZIP pw:eip

nomisec WRITEUP

by rxerium · poc

https://github.com/rxerium/CVE-2025-4427-CVE-2025-4428

View Code ZIP pw:eip

Nuclei Templates (1)

Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution

CRITICALVERIFIEDby iamnoooob,rootxharsh,parthmalhotra,pdresearch

Shodan: http.favicon.hash:"362091310"

FOFA: icon_hash="362091310"

References (2)

[Vendor Advisory] https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427

Scores

CVSS v3 5.3

EPSS 0.9126

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CISA KEV 2025-05-19

VulnCheck KEV 2025-05-13

ENISA EUVD EUVD-2025-14388

CWE

CWE-288

Status published

Products (2)

ivanti/endpoint_manager_mobile 12.5.0.0

ivanti/endpoint_manager_mobile < 11.12.0.5

Published May 13, 2025

KEV Added May 19, 2025

Tracked Since Feb 18, 2026