CVE-2025-4428

Remote Code Execution

CVSS 7.2 HIGH | EPSS 87.5% | KEV | CWE-94
In short

An authenticated attacker can send specially crafted requests to the API in Ivanti Endpoint Manager Mobile (version 12.5.0.0 and earlier) to execute arbitrary code on the system. This is dangerous because it allows complete control over the affected device.

Technical detail

A CWE-94 (Improper Control of Generation of Code) vulnerability in the Ivanti Endpoint Manager Mobile API component allows authenticated users to execute arbitrary code through maliciously crafted API requests. The attack requires prior authentication and affects versions 12.5.0.0 and earlier across unspecified platforms, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H