CVE-2025-4427
MEDIUM KEV NUCLEI
Ivanti Endpoint Manager Mobile < 11.12.0.5 - Authentication Bypass
Title source: ruleDescription
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Exploits (4)
github
WORKING POC
40 stars
by iSee857 · python poc
https://github.com/iSee857/CVE-PoC/tree/main/IvantiEndpointManagerMobile-CVE-2025-4427-RCE.py
nomisec
SCANNER
11 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428
exploitdb
WORKING POC
by İbrahimsql · python remote multiple
https://www.exploit-db.com/exploits/52421
Nuclei Templates (1)
Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution
CRITICAL VERIFIED by iamnoooob, rootxharsh, parthmalhotra, pdresearch
Shodan:
http.favicon.hash:"362091310"
FOFA:
icon_hash="362091310"
Scores
CVSS v3
5.3
EPSS
0.9132
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitation Intel
CISA KEV
2025-05-19
VulnCheck KEV
2025-05-13
ENISA EUVD
EUVD-2025-14388
Classification
CWE
CWE-288
Status
published
Affected Products (2)
ivanti/endpoint_manager_mobile
< 11.12.0.5
ivanti/endpoint_manager_mobile
Timeline
Published
May 13, 2025
KEV Added
May 19, 2025
Tracked Since
Feb 18, 2026