# CVE-2025-4427

> An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

- **CVSS:** 5.3 (MEDIUM)
- **EPSS:** 91.6%
- **CISA KEV:** yes
- **CWE:** CWE-288

Canonical: https://intel.threadlinqs.com/cve/CVE-2025-4427
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp