Threat Intelligence / CVE / CVE-2025-4428

CVE-2025-4428

CISA KEV
CVSS 7.2 (HIGH) · EPSS 48.0% · Published 2025-05-13

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-94

References

Full detection coverage & IOCs for threats exploiting CVE-2025-4428 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence