CVE-2025-4427
CISA KEV
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weaknesses (CWE)
CWE-288
References
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427