VDB
CISA-2025-4427
CISA-2025-4427
PUBLISHED
CVSS 5.3 MEDIUM
Reported by ivanti · Published May 13, 2025
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Endpoint Manager Mobile | 12.5.0.1 |
| Ivanti | Endpoint Manager Mobile | 12.5.0.1, 12.5.0.1 |
Timeline
- May 13, 2025 CVE Published
- Feb 26, 2026 CVE Updated