Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Endpoint Manager Mobile  >> 12.4.0.1  Security Vulnerabilities
CVE-2025-10242
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.015
Published
2025-10-14
CVE-2025-10243
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.015
Published
2025-10-14
CVE-2025-10985
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.015
Published
2025-10-14
CVE-2025-10986
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.
CVSS Score
4.7
EPSS Score
0.003
Published
2025-10-14
CVE-2025-6771
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution
CVSS Score
7.2
EPSS Score
0.019
Published
2025-07-08
CVE-2025-6770
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution
CVSS Score
7.2
EPSS Score
0.019
Published
2025-07-08
CVE-2025-4427
Known exploited
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS Score
5.3
EPSS Score
0.908
Published
2025-05-13
CVE-2025-4428
Known exploited
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS Score
7.2
EPSS Score
0.336
Published
2025-05-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved