CVE-2025-4427
Published: 13 May 2025
Summary
CVE-2025-4427 is a medium-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Ivanti Endpoint Manager Mobile. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
CVE-2025-4427 is an authentication bypass vulnerability in the API component of Ivanti Endpoint Manager Mobile versions 12.5.0.0 and prior. The flaw, tracked under CWE-288, carries a CVSS 3.1 base score of 5.3 and permits unauthorized access to protected resources over the network without requiring credentials.
Attackers with network access can exploit the issue anonymously to reach API endpoints that should be restricted, resulting in limited disclosure of sensitive information while leaving integrity and availability unaffected.
The vendor advisory published by Ivanti and the corresponding entry in CISA’s Known Exploited Vulnerabilities catalog outline mitigation steps, including application of available patches or configuration changes to address the authentication weakness.
The vulnerability appears on CISA’s actively exploited list, and its EPSS score has reached a peak of 0.9185 with a current value of 0.9126, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14388
Vulnerability details
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
- CWE(s): CWE-288
- KEV Date Added: 19 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces authentication and authorization decisions on API requests, blocking the exact bypass that allows unauthenticated access to protected resources.
- IA-2 (Identification and Authentication (Organizational Users)): requires unique identification and authentication of users before granting access to the system, directly countering the credential-less API access flaw.
- SC-7 (Boundary Protection): enforces boundary protections and traffic filtering at network interfaces, limiting exposure of the vulnerable unauthenticated API endpoints.