What’s new
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding two malware strains exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically CVE-2025-4427 and CVE-2025-4428. These vulnerabilities were exploited to gain unauthorized access and execute arbitrary code on compromised servers.
Who’s affected
Organizations using Ivanti EPMM are at risk, particularly those that have not applied the security patches released in May 2025 for CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution).
What to do
- Update Ivanti EPMM to the latest version to mitigate the vulnerabilities.
- Monitor for signs of suspicious activity on affected systems.
- Implement access restrictions to prevent unauthorized access to mobile device management (MDM) systems.