Unrated severityCISA KEVNVD Advisory· Published May 13, 2025· Updated Feb 26, 2026

Authentication Bypass

CVE-2025-4427

Description

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Affected products

Ivanti/Endpoint Manager Mobilev5
Range: 12.5.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMMmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.073
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000