PT-2025-20920 · Ivanti · Ivanti Endpoint Manager Mobile

Published: 2025-05-13 · Updated: 2025-09-20 · CVE-2025-4427

CVSS v3.1: 7.5

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

**Name of the Vulnerable Software and Affected Versions:**

Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and earlier

**Description:**

An authentication bypass vulnerability exists in the API component of Ivanti Endpoint Manager Mobile (EPMM), potentially allowing attackers to access protected resources through the API without proper credentials. The vulnerability is actively exploited: reports indicate the use of malware such as KrustyLoader and Sliver, and targeting by Chinese-linked threat actors (UNC5221). Exploitation enables unauthenticated remote code execution (RCE). Over 1,400 exposed instances have been identified in the US and Germany.

**Recommendations:**

Ivanti Endpoint Manager Mobile versions prior to 12.5.0.0 should be updated.

As a temporary workaround, consider filtering API access to reduce the risk of exploitation.

Fix · RCE

**Weakness Enumeration:**

Authentication Bypass Using an Alternate Path or Channel

Code Injection

**Related Identifiers:**

BDU:2025-05712
CVE-2025-4427
GHSA-7V6M-28JR-RG84

**Affected Products:**

Ivanti Endpoint Manager Mobile