Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
https://cyberscoop.com/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit/
https://hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html
https://www.theregister.com/2025/09/19/cisa_ivanti_bugs_exploited/
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
https://thehackernews.com/2025/07/hackers-exploit-sharepoint-zero-day.html
https://www.theregister.com/2025/07/21/massive_security_snafu_microsoft/
https://www.infosecurity-magazine.com/news/ivanti-vulnerability-exploit-could/
https://cyberscoop.com/ivanti-epmm-defects-exploited/
https://socprime.com/blog/detect-badsuccessor-attacks/
https://www.theregister.com/2025/05/23/ivanti_chinese_spies_attack/
https://thehackernews.com/2025/05/chinese-hackers-exploit-ivanti-epmm.html
https://www.theregister.com/2025/05/14/ivanti_patches_two_zerodays_and/
https://www.securityweek.com/ivanti-patches-two-epmm-zero-days-exploited-to-hack-customers/
https://www.infosecurity-magazine.com/news/fortinet-ivanti-zero-days/
https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html
Published: 2025-05-13
Updated: 2025-10-24
Known Exploited Vulnerability (KEV)
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.83641
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest