Ivanti patches two zero-days that could lead to RCE in Endpoint Manager Mobile
Date:
Wed, 14 May 2025 12:00:00 +0000
Description:
A patch and a workaround are available, but Ivanti urges users to patch up.
FULL STORY ======================================================================
Ivanti patched two flaws being chained to mount RCE attacks
A "limited number" of companies were allegedly compromised
Only on-prem products are affected

Ivanti has released a patch for two vulnerabilities in its Endpoint Manager Mobile (EPMM) software that are allegedly being chained in remote code execution (RCE) attacks in the wild.
The vulnerabilities are tracked as CVE-2025-4427 and CVE-2025-4428. The former is an authentication bypass in EPMM's API, allowing threat actors to access protected resources. It was assigned a medium-severity score of 5.3.
The latter is an RCE vulnerability exploited through maliciously crafted API requests. This one was given a high severity score (7.2/10).
Updating the tools
Ivanti says it's seen it abused in attacks: "When chained together, successful exploitation could lead to unauthenticated remote code execution," the company said in a security advisory. "We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure."
To address the issue, users should install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.
"The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products," the company further explained. "We urge all customers using the on-prem EPMM product to promptly install the patch."
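A patch-status check over an EPMM inventory, built from the four fixed builds listed above. This is an added example, not code from Ivanti or the article; it assumes each listed build is the fix for its own release branch (major.minor), and the hostnames and installed versions are constructed.

```python
# Added example: patch-status check against the fixed builds named in the article.
# Assumption: each fixed build applies to its own release branch (major.minor).
FIXED_BUILDS = ["11.12.0.5", "12.3.0.2", "12.4.0.2", "12.5.0.1"]


def parse_version(text):
    """Turn '12.4.0.1' into (12, 4, 0, 1); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad '12.5' to (12, 5, 0, 0)


# Map branch (major, minor) -> first fixed build on that branch.
FIXED_BY_BRANCH = {parse_version(v)[:2]: parse_version(v) for v in FIXED_BUILDS}


def patch_status(installed):
    """Return 'patched', 'needs-update' or 'unlisted-branch' for one version."""
    version = parse_version(installed)
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        # The article names no fix for this branch; do not guess either way.
        return "unlisted-branch"
    return "patched" if version >= fixed else "needs-update"


def triage(inventory):
    """inventory: {hostname: version}. Returns hosts grouped by status."""
    report = {"patched": [], "needs-update": [], "unlisted-branch": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            report[patch_status(version)].append(host)
        except ValueError:
            report["unparsed"].append(host)
    return report


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are made up for the example.
    sample = {
        "epmm-a.example.internal": "12.4.0.1",
        "epmm-b.example.internal": "12.5.0.1",
        "epmm-c.example.internal": "11.10.0.3",
        "epmm-d.example.internal": "12.3.0.2-beta",
    }
    for status, hosts in triage(sample).items():
        print(f"{status:16} {', '.join(hosts) or '-'}")
```

Hosts reported as unlisted-branch or unparsed need a manual check against Ivanti's advisory rather than an assumption in either direction.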
Ivanti's EPMM software is a popular solution across different industries, including healthcare, education, logistics, manufacturing, and government. According to The Shadowserver, there are hundreds of exposed instances at the moment, mostly in Germany (992), but with a significant number in the United States (418), as well.
Those that cannot apply the patch at this time can implement different workarounds. Ivanti said these users should follow best practice guidance on filtering access to the API using either the built-in Portal ACLs functionality, or an external WAF. More details on using the portal's ACL functionality can be found here.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/ivanti-patches-two-zero-days-that-could-lead-to-rce-in-endpoint-manager-mobile
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)