Ivanti Endpoint Manager Mobile Vulnerabilities Let Attackers Execute Remote Code

Ivanti disclosed two high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) product, which could allow remote attackers to execute code on affected systems.

The company has released critical updates to address these issues and urged customers to apply patches immediately to safeguard their environments.

Ivanti EPMM Vulnerabilities

Ivanti has identified two OS command injection flaws, tracked as CVE-2025-6770 and CVE-2025-6771, in versions of Ivanti Endpoint Manager Mobile prior to 12.5.0.2. Both vulnerabilities carry a CVSS score of 7.2 (High), indicating significant risk.

They enable a remote authenticated attacker with high privileges to achieve remote code execution, potentially compromising the integrity, confidentiality, and availability of the system.

The CVSS vector for both issues is recorded as CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, and they are classified under CWE-78 (OS Command Injection).

At the time of disclosure, Ivanti stated that it was not aware of any active exploitation of these vulnerabilities. The issues were reported through the company's responsible disclosure program, so patches were developed before the flaws became public knowledge.

The vulnerabilities impact multiple versions of Ivanti Endpoint Manager Mobile. Below is a detailed breakdown of the affected and resolved versions:

| Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability |
|---|---|---|---|
| Ivanti Endpoint Manager Mobile | 12.5.0.1 and prior, 12.4.0.2 and prior, 12.3.0.2 and prior | 12.5.0.2, 12.4.0.3, 12.3.0.3 | Download Portal (Login Required) |

Customers are strongly encouraged to update to one of the resolved versions (12.5.0.2, 12.4.0.3, or 12.3.0.3) to mitigate the risks associated with these vulnerabilities. The patches are accessible through Ivanti's download portal.
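To turn the version table above into a patch-triage check, the following added example (not code from Ivanti or from the original article) classifies an inventory of EPMM version strings against the resolved versions listed on this page. The hostnames, the sample versions, and the assumption that versions are reported as plain dotted numbers are constructed for illustration.

```python
import re

# Resolved versions per release branch, taken from the table on this page.
FIXED = {(12, 5): (12, 5, 0, 2), (12, 4): (12, 4, 0, 3), (12, 3): (12, 3, 0, 3)}
OLDEST_FIXED = min(FIXED.values())

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "epmm-prod-01": "12.5.0.1",
    "epmm-prod-02": "12.4.0.3",
    "epmm-lab-01": "11.12.0.4",
    "epmm-dr-01": "12.3",
    "epmm-test-01": "unknown-build",
}


def parse_version(text):
    """Return a 4-part integer tuple, or None if not a dotted numeric version."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){1,3}", text):
        return None
    nums = tuple(int(p) for p in text.split("."))
    return nums + (0,) * (4 - len(nums))  # assumption: "12.3" means 12.3.0.0


def triage(version_text):
    """Classify one version string as (status, action)."""
    ver = parse_version(version_text)
    if ver is None:
        return ("unknown", "check the version manually")
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        if ver < fixed:
            return ("affected", "update to " + ".".join(map(str, fixed)))
        return ("resolved", "none")
    if ver < OLDEST_FIXED:
        # Older branch: the page lists no fix on that branch.
        return ("affected", "upgrade to 12.3.0.3, 12.4.0.3 or 12.5.0.2")
    return ("not listed as affected", "none")


def triage_inventory(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, action) in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status:24} {action}")
```

Unparseable version strings are reported as "unknown" rather than silently treated as patched, so they surface for manual review.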

Ivanti extended gratitude to Piotr Bazydlo (@chudyPB) of watchTowr for responsibly reporting CVE-2025-6771 and collaborating to protect customers.

Addressing concerns about exploitation, Ivanti confirmed that no customers were compromised by these vulnerabilities prior to public disclosure. Because there has been no known public exploitation, no indicators of compromise are currently available.

Organizations are advised to monitor their systems and apply the provided updates promptly to prevent potential threats.

Ivanti customers should act swiftly to ensure their systems are secure against these high-severity vulnerabilities.


The post Ivanti Endpoint Manager Mobile Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.