What is the Vulnerability?

On May 15, 2025, Ivanti disclosed two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. When chained together, these vulnerabilities can allow unauthenticated remote code execution (RCE) on vulnerable systems.

According to a report by EclecticIQ, attackers are actively exploiting the Ivanti EPMM vulnerability (CVE-2025-4428) in the wild. EclecticIQ attributes this activity with high confidence to UNC5221, a China-nexus espionage group. Read more at: [China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability]

What is the recommended Mitigation?

Ivanti has released updates for Endpoint Manager Mobile (EPMM). Customers should install one of the fixed versions 11.12.0.5, 12.3.0.2, 12.4.0.2 or 12.5.0.1. [Security Advisory Ivanti (CVE-2025-4427 and CVE-2025-4428)]

What FortiGuard coverage is available?

Intrusion Prevention System (IPS): An IPS signature is available to detect and block exploit attempts targeting CVE-2025-4428. [Intrusion Prevention | FortiGuard Labs]

Antimalware and Sandbox Service: Delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.

Indicators of Compromise Service: FortiGuard Labs has blocked all the known Indicators of Compromise (IOCs) linked to the campaigns targeting the Ivanti EPMM Zero Day vulnerabilities.

Incident Response Service: The FortiGuard Incident Response team is available to assist with any suspected compromise.
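The fixed versions listed under the mitigation above can be turned into an inventory triage check; this is an added example, not code from Ivanti or FortiGuard. It assumes four-part dotted version strings and that each fixed build covers only its own release line (first three components); the hostnames and the status labels are constructed for illustration.

```python
import re

# Values taken from the advisory text above.
FIXED_BUILDS = ("11.12.0.5", "12.3.0.2", "12.4.0.2", "12.5.0.1")
LAST_AFFECTED = "12.5.0.0"


def parse(version):
    """Turn 'a.b.c.d' into a tuple of ints; reject anything else."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", version):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(part) for part in version.split("."))


def classify(version):
    """Return 'patched', 'affected' or 'outside-listed-range'."""
    v = parse(version)
    # Assumption: a fixed build only covers its own release line (a.b.c.*),
    # so 12.3.1.0 is NOT treated as covered by the 12.3.0.2 fix.
    for fixed in map(parse, FIXED_BUILDS):
        if v[:3] == fixed[:3] and v >= fixed:
            return "patched"
    if v <= parse(LAST_AFFECTED):
        return "affected"
    # Newer than anything the advisory text mentions: verify with the vendor.
    return "outside-listed-range"


def triage(inventory):
    """Map each host to a status; unparseable versions need a manual look."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed sample inventory (hypothetical hostnames).
SAMPLE_INVENTORY = {
    "epmm-01.example.internal": "12.5.0.0",
    "epmm-02.example.internal": "12.4.0.2",
    "epmm-03.example.internal": "11.12.0.4",
    "epmm-04.example.internal": "12.3.1.0",
    "epmm-05.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as `affected` or `unparsed` are the ones to prioritize for upgrade or manual verification.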
Ivanti EPMM Zero Day Vulnerabilities