CNVD-2025-09949 — Vulnetix

CNVD-2025-09949 PUBLISHED

Ivanti Endpoint Manager Mobile（EPMM）是一款企业级的移动设备管理解决方案，用于集中管理和保护企业中的移动设备，支持设备注册、应用分发、安全策略实施等功能。 Ivanti Endpoint Manager Mobile存在身份认证绕过漏洞，该漏洞源于API组件未能正确验证输入数据，攻击者可利用该漏洞通过精心构造的API请求绕过认证机制。

Exploit Intelligence

Detection for CVE-2025-4427 and CVE-2025-4428 (github-poc)
Detection for CVE-2025-4427 and CVE-2025-4428 (github-poc)
watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428 (github-poc)
watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428 (github-poc)
CVE-2025-4427.json (github-poc)
kev.json (github-poc)
web_invanti_epmm_cve_2025_4427_and_cve_2025_4428.yml (github-poc)
web_invanti_epmm_cve_2025_4427_and_cve_2025_4428.yml (github-poc)
agent_group.yaml (github-poc)
CVE-2025-4427.json (github-poc)

…and 8 more exploits

Timeline

May 13, 2025 CVE Published

Open in Interactive Console →