CVE Details

CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Published: 2025-05-19 CVSS: 5.3 MEDIUM Product: Ivanti Endpoint Manager Mobile (EPMM) Due Date: 2025-06-09

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 5.3
  • Severity: MEDIUM
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2025-4427
cveMetadata > assignerOrgId 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName ivanti
cveMetadata > dateReserved 2025-05-08T07:50:50.421Z
cveMetadata > datePublished 2025-05-13T15:45:35.145Z
cveMetadata > dateUpdated 2026-02-26T18:28:36.303Z
containers > cna > affected > 0 > defaultStatus affected
containers > cna > affected > 0 > product Endpoint Manager Mobile
containers > cna > affected > 0 > vendor Ivanti
containers > cna > affected > 0 > versions > 0 > status unaffected
containers > cna > affected > 0 > versions > 0 > version 12.5.0.1
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > supportingMedia > 0 > base64 False
containers > cna > descriptions > 0 > supportingMedia > 0 > type text/html
containers > cna > descriptions > 0 > supportingMedia > 0 > value An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
containers > cna > descriptions > 0 > value An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
containers > cna > impacts > 0 > capecId CAPEC-115
containers > cna > impacts > 0 > descriptions > 0 > lang en
containers > cna > impacts > 0 > descriptions > 0 > value CAPEC-115 Authentication Bypass
containers > cna > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV3_1 > availabilityImpact NONE
containers > cna > metrics > 0 > cvssV3_1 > baseScore 5.3
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity MEDIUM
containers > cna > metrics > 0 > cvssV3_1 > confidentialityImpact LOW
containers > cna > metrics > 0 > cvssV3_1 > integrityImpact NONE
containers > cna > metrics > 0 > cvssV3_1 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV3_1 > scope UNCHANGED
containers > cna > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-288
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-288: Authentication Bypass Using an Alternate Path or Channel
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > providerMetadata > orgId 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
containers > cna > providerMetadata > shortName ivanti
containers > cna > providerMetadata > dateUpdated 2025-05-13T15:45:35.749Z
containers > cna > references > 0 > url https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
containers > cna > source > discovery UNKNOWN
containers > cna > title Authentication Bypass
containers > cna > x_generator > engine Vulnogram 0.2.0
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > id CVE-2025-4427
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 0 > other > content > timestamp 2025-05-21T03:55:30.347168Z
containers > adp > 0 > metrics > 1 > other > type kev
containers > adp > 0 > metrics > 1 > other > content > dateAdded 2025-05-19
containers > adp > 0 > metrics > 1 > other > content > reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427
containers > adp > 0 > references > 0 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427
containers > adp > 0 > references > 0 > tags > 0 government-resource
containers > adp > 0 > timeline > 0 > time 2025-05-19T00:00:00.000Z
containers > adp > 0 > timeline > 0 > lang en
containers > adp > 0 > timeline > 0 > value CVE-2025-4427 added to CISA KEV
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-02-26T18:28:36.303Z