PT-2025-20921 · Ivanti · Ivanti Endpoint Manager Mobile

Published: 2025-05-13 · Updated: 2025-10-08 · CVE-2025-4428

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior

Description

A flaw exists in the API component of Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated attackers to execute arbitrary code through crafted API requests. This issue is related to incorrect management of code generation. Reports indicate that this issue is being actively exploited by a China-nexus threat actor (UNC5221) to target organizations globally, including those in the government, healthcare, and finance sectors, for espionage and data theft. The exploitation involves dumping heap memory from Tomcat Java processes using jcmd to search for sensitive information. The vulnerability allows for unauthenticated remote code execution in some instances.

Recommendations

For versions prior to 12.5.0.0, apply the latest available updates or patches from Ivanti to address the vulnerability.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05713
CVE-2025-4428
GHSA-7V6M-28JR-RG84

Affected Products

Ivanti Endpoint Manager Mobile