Ivanti Flaws: Hackers Exploiting Patched Bugs for a Java Jamboree!

Wiz warns of Ivanti Endpoint Manager Mobile vulnerabilities being exploited in the wild. These medium-severity flaws, when combined, create a critical security risk, but don’t worry—it’s only as risky as using a hairdryer in the bathtub. Update now before your network becomes the next star in a hacker’s comedy show!

3P
Published: May 21, 2025 10:00 amAdded: May 21, 2025 at 3:19 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Ah, the joys of software updates! Just when you thought you could take a break from patching, here comes Ivanti with a double whammy. With flaws that are like a Bonnie and Clyde duo of vulnerabilities, they invite hackers to a field day. Time to roll up those sleeves, folks!

Key Points:

  • Two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, have been actively exploited in Ivanti EPMM.
  • Vulnerabilities include an authentication bypass and remote code execution (RCE) issue.
  • Flaws were found in open source libraries used by EPMM, marked as medium severity but critical when combined.
  • Wiz observed ongoing exploitation since proof-of-concept (PoC) code was released on May 16.
  • Ivanti recommends updating to patched versions: 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?