SecurityWeek reports that Ivanti has issued updates to address a pair of zero-day vulnerabilities in its Endpoint Manager Mobile offering, which have been chained in ongoing attacks confirmed to have impacted very few of its customers.
Exploitation of the medium-severity authentication bypass flaw, tracked as CVE-2025-4427, and the high-severity remote code execution issue, tracked as CVE-2025-4428, could result in remote arbitrary code execution, according to Ivanti. The company has urged immediate application of the patches and noted that the odds of compromise are significantly reduced when the portal's ACLs functionality or an external WAF is used to filter API access. Ivanti has also fixed a critical Neurons for ITSM authentication bypass vulnerability, tracked as CVE-2025-22462, a high-severity Cloud Security Application bug, tracked as CVE-2025-22460, and a medium-severity Ivanti Neurons for MDM flaw, which has yet to be given a CVE designation. None of these three security defects, which could be harnessed for remote resource tampering, has yet been exploited.