KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

7.2

CVSS
High

CVE-2025-4428

PUBLISHED

Remote Code Execution

Exploited in the wild Remote Low complexity No user interaction

Vendor: Ivanti
Product: Endpoint Manager Mobile
Published: May 13, 2025
EPSS: 9.6% · 92% pctl

Description

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

cisa edge metasploit

CVSS scores

CVSS v3.1 7.2 High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-05-21 13:11:37 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE	May 21, 2025

Scanner integrations

Scanner	Reference	Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ivanti_epmm_rce_cve_2025_4427_4428.rb	Jun 09, 2025

Recent mentions

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

TheHackerNews · May 22, 2025

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a

Timeline

CVE ID Reserved

May 08, 2025
CVE Published to Public

May 13, 2025
Added to KEVIntel

May 21, 2025
Detected by Metasploit

June 09, 2025