CVE-2025-4428 - Geek Feed

CISA exposes malware kits deployed in Ivanti EPMM attacks

September 23, 2025September 23, 2025 geekfeed0Tagged 0day, Authentication Bypass, CVE-2025-4427, CVE-2025-4428, Ivanti, Ivanti Endpoint Manager Mobile, rce, Remote Code Execution, Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The flaws are an authentication bypass in EPMM’s API component (CVE-2025-4427) and a code injection vulnerability (CVE-2025-4428) that allows execution of arbitrary code. The two vulnerabilities affect the following […]

3 mins read

Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies

May 25, 2025May 25, 2025 geekfeed0Tagged Actively Exploited, china, CVE-2025-4428, Ivanti, Ivanti Endpoint Manager Mobile, UNC5221, vulnerability

Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. The flaw is identified as CVE-2025-4428 and received a high-severity score. The issue can be leveraged to execute code remotely on Ivanti EPMM version 12.5.0.0 and earlier via specially crafted API requests. Ivanti disclosed the flaw together […]

3 mins read

Ivanti fixes EPMM zero-days chained in code execution attacks

May 18, 2025May 18, 2025 geekfeed0Tagged 0day, Actively Exploited, Authentication Bypass, bypass, CVE-2025-4428, Ivanti, Ivanti Endpoint Manager Mobile, rce, Remote Code Execution, Zero-Day

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. “Ivanti has released updates for Endpoint Manager Mobile (EPMM) which addresses one medium and one high severity vulnerability,” the company said. “When chained together, successful exploitation could lead to unauthenticated remote […]

2 mins read