CVE-2025-4427HIGH 7.5CISA KEVEPSS p99.9%

CVE-2025-4427Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti / Endpoint Manager Mobile (EPMM)

Description

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

Scoring

CVSS 3.17.5 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS99.57% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z
Published2025-05-13
Last modified2025-10-24

CISA KEV entry

Added to KEV: 2025-05-19

Underlying weaknesses· 1

CWE-288

References

  1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4427

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryIvanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerabilitykev-cve-2025-44270%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
CVE
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CVE
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
CVE
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
CVE
CVE-2026-5788
CVE
CVE-2026-5786
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.