May 16, 2025 • GreyNoise Blog
Ivanti EPMM Zero-Days: Reconnaissance to Exploitation
Executive Summary
Two critical zero-day vulnerabilities, CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) systems are being actively exploited following a surge in scanning activity. When chained, these flaws enable unauthenticated remote code execution, allowing attackers to bypass authentication and execute arbitrary commands on vulnerable servers. This poses a severe risk to organizations using Ivanti EPMM for mobile device management and can lead to complete system compromise. The severity is classified as critical because no authentication is required and exploitation is already occurring. While specific mitigation steps were not detailed in the report, immediate application of vendor patches and network segmentation are standard recommendations for vulnerabilities of this kind. Security teams must prioritize identifying and securing exposed Ivanti instances to prevent unauthorized access. This campaign illustrates a continuing pattern of attacks on enterprise infrastructure that chain vulnerabilities and are preceded by reconnaissance scanning, and it requires urgent attention.
Summary
Two critical Ivanti zero-days (CVE-2025-4427 and CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. When chained together, these vulnerabilities enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile systems.
Linked Entities
- CVE-2025-4427
- CVE-2025-4428