Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | By sending a specially crafted HTTP GET request to the Ivanti EPMM endpoint, an attacker can bypass the authentication mechanisms. This can be chained with CVE-2025-4428 to achieve remote code execution. |
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | By sending a specially crafted HTTP GET request to the Ivanti EPMM endpoint, an attacker can bypass the authentication mechanisms. This can be chained with CVE-2025-4428 to achieve remote code execution. |
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | By sending a specially crafted HTTP GET request to the Ivanti EPMM endpoint, an attacker can bypass the authentication mechanisms. This can be chained with CVE-2025-4428 to achieve remote code execution. |
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | secondary_impact | T1505.003 | Web Shell | By sending a specially crafted HTTP GET request to the Ivanti EPMM endpoint, an attacker can bypass the authentication mechanisms. This can be chained with CVE-2025-4428 to achieve remote code execution. |