Unrated severityCISA KEVNVD Advisory· Published May 13, 2025· Updated Feb 26, 2026
Remote Code Execution
CVE-2025-4428
Description
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Affected products
2<= 12.5.0.0+ 1 more
- (no CPE)range: <= 12.5.0.0
- (no CPE)range: 12.5.0.1
Patches
Vulnerability mechanics
References
1News mentions
1- Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers nowRisky Business · May 21, 2025