Ivanti: >> Endpoint Manager Mobile >> 11.9.1.0 Security Vulnerabilities
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.015
Published
2025-10-14
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.015
Published
2025-10-14
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.015
Published
2025-10-14
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.
CVSS Score
4.7
EPSS Score
0.003
Published
2025-10-14
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution
CVSS Score
7.2
EPSS Score
0.019
Published
2025-07-08
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution
CVSS Score
7.2
EPSS Score
0.019
Published
2025-07-08
CVE-2025-4427
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Known exploited
CVSS Score
5.3
EPSS Score
0.908
Published
2025-05-13
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Known exploited
CVSS Score
7.2
EPSS Score
0.336
Published
2025-05-13
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-08
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-08-07
Page 1