Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The investigation is ongoing and Ivanti does not have reliable atomic indicators [of compromise] at this time. Customers should reach out to our Support Team for guidance,” the company said. CVE-2025-4427 and CVE-2025-4428 The exploited vulnerabilities … More
The post Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) appeared first on Help Net Security.
This article has been indexed from Help Net Security