vulnerability • critical • Remote Code Execution • Vulnerability Exploitation • CVE-2025-4427 • CVE-2025-4428

May 20, 2025 • Wiz Security Research

Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild

Source: Wiz Security Research
Category: vulnerability
Severity: critical

Executive Summary

Wiz Threat Research has confirmed active exploitation of two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM). These vulnerabilities form a chain enabling Remote Code Execution (RCE), posing a severe risk to organizations using this mobile device management solution. Exploitation is currently occurring in the wild, indicating immediate threat actor activity targeting unpatched systems. While specific threat actors or malware families were not identified in this report, the nature of the RCE chain suggests potential for full system compromise and lateral movement within affected networks. Organizations are urged to prioritize patching Ivanti EPMM instances immediately to mitigate this risk. This critical-severity incident requires urgent remediation to prevent unauthorized access and data exfiltration targeting enterprise mobile infrastructure. Administrators must validate patch levels and monitor logs for exploitation indicators to ensure comprehensive defense against attacks.

Summary

Wiz Threat Research has observed exploitation in the wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).

Linked Entities

  • CVE-2025-4427
  • CVE-2025-4428