CVE-2025-4428
Published: 13 May 2025
Summary
CVE-2025-4428 is a high-severity Code Injection (CWE-94) vulnerability in Ivanti Endpoint Manager Mobile. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 2.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-4428 is a remote code execution vulnerability in the API component of Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and earlier. The flaw, assigned CWE-94, permits code injection through specially crafted requests and carries a CVSS 3.1 score of 7.2, reflecting high impact on confidentiality, integrity, and availability when successfully exploited.
Authenticated attackers with administrative API access can send malicious requests that result in arbitrary code execution on the affected server. Because the attack requires valid high-privilege credentials and targets the network-accessible API, it is most relevant to insiders, compromised administrative accounts, or attackers who have already obtained such credentials.
Ivanti’s security advisory and the associated CISA entry direct customers to apply the vendor-supplied patches for EPMM and to review the hardening guidance published in the advisory. The vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The EPSS score rose from low values to a peak of 0.6390 on 2025-12-18 before receding to the current 0.4098, indicating a clear post-disclosure increase in exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14387
Vulnerability details
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
- CWE(s)
- KEV Date Added: 19 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly enforces validation of all inputs to the API endpoints, blocking the crafted requests that trigger arbitrary code generation under CWE-94.
Requires timely application of vendor patches to the Ivanti EPMM API component, eliminating the RCE flaw already being exploited in the wild.
Restricts administrative API accounts to the minimum privileges needed, reducing the attack surface available to authenticated users who can otherwise send malicious requests.