CVE-2025-10242
CVE Title
CVE-2025-10242
Description
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- HIGH
- CVSS score
- 7.2 / 10
- CVSS vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Effective score
- 7.2 / 10 HIGH (source: CNA overview)
- CWE(s)
- CWE-78
- Reserved
- 2025-09-10
- Published
- 2025-10-14 16:14 UTC
- Last updated
- 2026-02-26 18:47 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/10xxx/CVE-2025-10242.json
- Linked Threat
- CVE-2025-10242 — CVE-2025-10242
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
- EUVD-2025-34213
- Assigner
- ivanti
- Published
- Oct 14, 2025, 2:14:49 PM
- Updated
- Feb 26, 2026, 5:47:38 PM
- EUVD base score (CVSS 3.1)
- 7.2 / 10 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- EUVD-reported EPSS
- 9.2300
- Vendors
- Ivanti
- Products
- Endpoint Manager Mobile (patch: 12.4.0.4), Endpoint Manager Mobile (patch: 12.5.0.4), Endpoint Manager Mobile (patch: 12.6.0.2)
- Aliases
- GHSA-h25p-jr6x-hjrr
ENISA description: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager Mobile | 12.6.0.2 (unaffected), 12.5.0.4 (unaffected), 12.4.0.4 (unaffected) | — |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
- web:krebsonsecurity.com
  Microsoft expects that exploitation is more likely. May's Patch Tuesday is a welcome respite from April, which saw Microsoft fix a near-record 167 security flaws.
  2026-05-22 11:36 UTC
- web:nvd.nist.gov
  An official website of the United States government Here's how you know
  2026-05-22 11:36 UTC
- web:www.absolute.com
  Unpack October 2025 Patch Tuesday's top threats—critical CVEs, weaponized vulnerabilities, and expert patching recommendations for Microsoft environments.
  2026-05-22 11:36 UTC
- web:www.cisa.gov
  For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
  2026-05-22 11:36 UTC
- web:www.cybersecuritydive.com
  The Cybersecurity and Infrastructure Security Agency added two major software flaws to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, acknowledging the evidence that hackers have been using the bugs in recent attacks. CISA added CVE-2024-1708, a high-severity flaw in ConnectWise's ScreenConnect remote-access tool, and CVE-2026-32202, a medium-severity flaw in the Windows Shell ...
  2026-05-22 11:36 UTC
- web:www.maketecheasier.com
  Check out the latest Windows 11 and Windows 10 update problems and their solutions, as recommended by Microsoft experts.
  2026-05-22 11:36 UTC
- web:www.microsoft.com
  Security Update Guide Notifications Microsoft's free Security Update Guide Notifications provide links to security-related software updates and notification of re-released security updates. These notifications are sent via email throughout the month as needed.
  2026-05-22 11:36 UTC
- web:www.rapid7.com
  Microsoft has published 172 new vulnerabilities, including six zero-day vulnerabilities. Windows 10 moves past the end of support, sort of. Critical RCE in Windows Server Update Service.
  2026-05-22 11:36 UTC
- web:www.techrepublic.com
  Microsoft's April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company's largest monthly security updates.
  2026-05-22 11:36 UTC
- web:www.tenable.com
  Key takeaways: Microsoft's 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in 2025, followed by Remote Code Execution flaws at 30.8%. 41 zero-day vulnerabilities were addressed across all Patch Tuesday releases in 2025, including ...
  2026-05-22 11:36 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Indicators (3)
IOCs linked to the auto-promoted Threat row.
| Type | Value | VirusTotal | Attached |
|---|---|---|---|
| ipv4 | 12.6.0.2 | no local data | 2026-05-18 21:19 UTC |
| ipv4 | 12.5.0.4 | no local data | 2026-05-18 21:19 UTC |
| ipv4 | 12.4.0.4 | no local data | 2026-05-18 21:19 UTC |
Raw JSON
The full cvelistV5 record.
```json
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10242",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-18T03:55:33.163640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:38.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Endpoint Manager Mobile",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.6.0.2"
            },
            {
              "status": "unaffected",
              "version": "12.5.0.4"
            },
            {
              "status": "unaffected",
              "version": "12.4.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution."
            }
          ],
          "value": "OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T14:14:49.572Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-Endpoint-Manager-Mobile-EPMM-10-2025-Multiple-CVEs?language=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-10242",
    "datePublished": "2025-10-14T14:14:49.572Z",
    "dateReserved": "2025-09-10T17:56:52.118Z",
    "dateUpdated": "2026-02-26T17:47:38.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
```