CVE-2025-4428
📛 CVE Title
Remote Code Execution
Description
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- HIGH
- CVSS score
- 7.2 / 10
- CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H- Effective score
- 7.2 / 10 HIGH source: CNA overview
- CWE(s)
-
CWE-94 - Reserved
- 2025-05-08
- Published
- 2025-05-13 17:46 UTC
- Last updated
- 2026-02-26 19:28 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/4xxx/CVE-2025-4428.json
- Linked Threat
- CVE-2025-4428 — Remote Code Execution
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2025-14387 - Assigner
- ivanti
- Published
- May 13, 2025, 3:46:55 PM
- Updated
- Feb 26, 2026, 6:28:35 PM
- EUVD base score (CVSS 3.1)
-
7.2 / 10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - EUVD-reported EPSS
- 40.9800
- Vendors
- Ivanti
- Products
-
Endpoint Manager Mobile (patch: 12.5.0.1)
- Aliases
-
GHSA-g4m9-9h4j-22xx
ENISA description: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager Mobile |
12.5.0.1 (unaffected)
|
— |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
-
web:hazards.fema.gov
Access the FEMA Mitigation Planning Portal to manage and update your mitigation plans securely.
2026-05-22 14:15 UTC -
web:msrc.microsoft.com
Security Update Guide - Microsoft Security Response Center
2026-05-22 14:15 UTC -
web:onlyfans.com
OnlyFans is the social platform revolutionizing creator and fan connections. The site is inclusive of artists and content creators from all genres and allows them to monetize their content while developing authentic relationships with their fanbase.
2026-05-22 14:15 UTC -
web:translate.google.com
Google's service, offered free of charge, instantly translates words, phrases, and web pages between English and over 100 other languages.
2026-05-22 14:15 UTC -
web:web.whatsapp.com
Log in to WhatsApp Web for simple, reliable and private messaging on your desktop. Send and receive messages and files with ease, all for free.
2026-05-22 14:15 UTC -
web:www.allrecipes.com
No matter which brand you buy, even the best frozen pizzas can fall flat if they aren't cooked properly. As much as we adore the convenience of a frozen pizza, a pie with a soggy crust or uncooked cheese is a major disappointment. So we asked chefs to share their pro tips about how to cook frozen pizza to crispy, cheesy perfection.
2026-05-22 14:15 UTC -
web:www.gazettenet.com
GAZETTE FILE PHOTO AMHERST — A dozen administrators in the Amherst and Amherst-Pelham Regional schools are accusing Superintendent E. Xiomara Herman of threats of physical harm, creating a ...
2026-05-22 14:15 UTC -
web:www.motortrend.com
https://www.motortrend.com/features/toyotas- fix -bz4x-disconnecting-wheels-recall
2026-05-22 14:15 UTC -
web:www.truckpartsandservice.com
PGI Northstar LLC reaches a deal to buy intellectual property for FRAM and Trico, among others, for $25 million following First Brands' operational collapse. Read more on TPS.
2026-05-22 14:15 UTC -
web:www.youtube.com
A successful vacuum salesman is gunned down outside his Indiana office. As detectives unpack the victims' final 24 hours, all the clues point to a hired hit....
2026-05-22 14:15 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (3)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
- https://attackerkb.com/topics/CVE-2025-4428 rapid7:attackerkb.com
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM rapid7:forums.ivanti.com
- https://www.cve.org/CVERecord?id=CVE-2025-4428 rapid7:www.cve.org
Indicators (1)
IOCs linked to the auto-promoted Threat row.
| Type | Value | VirusTotal | Attached |
|---|---|---|---|
| ipv4 |
12.5.0.0
|
no local data | 2026-05-18 21:19 UTC |
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2025-4428.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4428",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T03:55:31.805034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4428"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:35.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4428"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-19T00:00:00.000Z",
"value": "CVE-2025-4428 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager Mobile",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "12.5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests."
}
],
"value": "Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:46:55.176Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-4428",
"datePublished": "2025-05-13T15:46:55.176Z",
"dateReserved": "2025-05-08T07:50:52.767Z",
"dateUpdated": "2026-02-26T18:28:35.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}