CVE-2025-4428: Remote Code Execution

7.2 CVSS

Description

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

Known Exploited

🚨 Marked as known exploited on May 19th, 2025.

Classification

CVE ID: CVE-2025-4428

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected Products

Vendor: Ivanti

Product: Endpoint Manager Mobile

Exploit Prediction Scoring System (EPSS)

EPSS Score: 29.66% (probability of being exploited)

EPSS Percentile: 96.36% (share of other scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-30 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4428
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

Timeline