New research points to flaws used in attacks against cloud instances
The flaws were previously found in on-prem attacks
Ivanti released a patch, so apply it now
Two bugs affecting Ivanti’s Endpoint Manager Mobile (EPMM), which were discovered and patched in mid-May, are still being abused in real-life attacks. In fact, attackers are now targeting cloud instances as well.
This is according to cybersecurity researchers Wiz, who published a new report recently, detailing the new findings.
“Wiz Research has observed ongoing exploitation of these vulnerabilities in-the-wild targeting exposed and vulnerable EPMM instances in cloud environments since May 16th, 2025, coinciding with the publication of POCs by several sources including watchTowr and ProjectDiscovery,” the researchers said in their report.
CISA added the flaws to KEV
The bugs in question are an authentication bypass flaw and a post-authentication remote code execution (RCE) flaw. They are tracked as CVE-2025-4427 and CVE-2025-4428, and neither was given a critical severity score. “While neither of these vulnerabilities have been assigned critical severity, in combination they should certainly be treated as critical,” Wiz added.
Ivanti addressed the vulnerabilities in a patch released in mid-May this year and warned, in a security advisory, of ongoing attacks.
“We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company said at the time. To address the issue, users should install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.
It is also worth mentioning that the bugs stem from open-source libraries used in EPMM, not the product itself.
Ivanti also stressed that the issue only affected on-prem EPMM products. “It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products,” the company explained. “We urge all customers using the on-prem EPMM product to promptly install the patch.”
In the meantime, CISA added the two bugs to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch. No threat actors have claimed responsibility for any of the attacks so far.
Via The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.