CVE-2025-4427: Authentication Bypass

5.3 CVSS

Description

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Known Exploited

🚨 Marked as known exploited on May 13th, 2025.

Classification

CVE ID: CVE-2025-4427

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Affected Products

Vendor: Ivanti

Product: Endpoint Manager Mobile

Nuclei Template

http/cves/2025/CVE-2025-4427.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 72.5% (probability of being exploited)

EPSS Percentile: 98.68% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-03 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4427
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

Timeline