VDB

CISA-2025-4427

CISA-2025-4427 PUBLISHED CVSS 5.3 MEDIUM

Reported by ivanti · Published May 13, 2025

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
IvantiEndpoint Manager Mobile12.5.0.1
IvantiEndpoint Manager Mobile12.5.0.1, 12.5.0.1

Timeline

  • May 13, 2025 CVE Published
  • Feb 26, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›