Act now! ACSC critical alert warns of vulnerabilities in Ivanti Endpoint Manager Mobile

Hackers are already taking advantage of a pair of flaws in older versions of Ivanti EPMM that could lead to remote code execution.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has shared a critical alert warning of a pair of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) that could lead to disastrous consequences if left unattended.

CVE-2025-4427 is a medium severity authentication bypass flaw, while CVE-2025-4428 is a high severity remote code execution bug.

When paired together in a single kill chain, unauthorised attackers may be able to achieve remote code execution. The vulnerabilities are present in all versions of Ivanti EPMM 12.5.0.0 and earlier.

“Australian organisations should review their networks for the use of Ivanti EPMM and apply the latest patches available through Ivanti’s download portal,” the ACSC said in a 14 May critical alert.

Ivanti has also provided further mitigation advice, chief of which is filtering access to the API.

“The risk to customers is significantly reduced if they already filter access to the API using either the built-in Portal ACLs functionality or an external WAF,” Ivanti said in its 13 May advisory.

Ivanti also noted that it was aware of a “very limited number of customers whose solution has been exploited at the time of disclosure”.

Further mitigation advice can be found here.

Ivanti was recently in the news following revelations that Chinese hackers were actively exploiting a vulnerability in its Ivanti Connect Secure platform. This was another remote code execution vulnerability – CVE-2025-22457 – that Mandiant was confident was being exploited by nation-state hackers earlier in 2025.

“This latest activity from UNC5221 underscores the ongoing targeting of edge devices globally by China-nexus espionage groups,” Charles Carmakal, Mandiant Consulting’s chief technology officer, said in a 4 April statement.

“These actors will continue to research security vulnerabilities and develop custom malware for enterprise systems that don’t support EDR solutions. The velocity of cyber intrusion activity by China-nexus espionage actors continues to increase, and these actors are better than ever.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
