cve-2025-4427
About this tag
CVE-2025-4427 is an authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that, when chained with CVE-2025-4428, enables unauthenticated remote code execution. Discussions on WindowsForum cover CISA's Malware Analysis Report detailing malicious listener malware exploiting these flaws to install HTTP-based backdoors in Tomcat, achieve persistence, and exfiltrate data. The tag includes threat analysis, indicators of compromise, and urgent patch guidance for IT teams managing on-premises mobile device management systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has analyzed malicious “listener” malware actively deployed against Ivanti Endpoint Manager Mobile (EPMM) servers following public proof-of-concept exploit code for CVE-2025-4427 and CVE-2025-4428, and the resulting toolset allows...
CISA’s release of a Malware Analysis Report (MAR) detailing a Malicious Listener discovered on compromised Ivanti Endpoint Manager Mobile (EPMM) systems should reset priorities for every IT team that runs on-premises mobile device management (MDM). The analysis dissects two sets of malware...