CVE-2025-4427

Summary

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Affected Software

VendorProductVersion RangeStatus
IvantiEndpoint Manager Mobile12.5.0.1unaffected

Weaknesses

  • CWE-288: CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References