Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM)

Release date: 14 May 2025
Alert rating: Critical

Description

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware of two vulnerabilities, one medium and one high severity, in Ivanti Endpoint Manager Mobile (EPMM). The ASD’s ACSC recommends organisations patch to the latest version of Ivanti EPMM, available through Ivanti’s download portal, and investigate whether their systems have been compromised.

Audience

Organisations & Critical Infrastructure, Government

Current update

This alert is relevant to large Australian businesses, organisations, and government.

This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services.

Background

ASD’s ACSC is tracking 2 vulnerabilities in Ivanti EPMM:

  • CVE-2025-4427: Medium severity Authentication Bypass
  • CVE-2025-4428: High severity Remote Code Execution

When chained together, these vulnerabilities can give unauthenticated attackers remote code execution.

All versions of Ivanti EPMM prior to and including 12.5.0.0 are vulnerable.

Mitigation advice

Australian organisations should review their networks for the use of Ivanti EPMM and apply the latest patches available through Ivanti’s download portal.

Organisations should review Ivanti’s advisory for mitigation advice until they are able to implement the required patches. Ivanti has provided Analysis Guidance as part of this advisory to assist organisations in determining any active exploitation.

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).
