PT-2025-20921 · Ivanti · Ivanti Endpoint Manager Mobile

Published: 2025-05-13 · Updated: 2025-09-20 · CVE-2025-4428

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior

**Description:**

Ivanti Endpoint Manager Mobile (EPMM) contains a remote code execution (RCE) vulnerability in its API component, caused by improper control of code generation. An authenticated attacker can execute arbitrary code by sending crafted API requests. The vulnerability is being actively exploited by a China-nexus threat actor (UNC5221) targeting organizations globally, including in Germany, the UK, the US, Japan, and Korea, for espionage and data theft. Attackers have been observed using `jcmd` to dump heap memory from Tomcat Java processes and then searching the dumps for sensitive information.
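A defender-side check for the `jcmd` heap-dump activity described above, as an added example that is not part of the original advisory: it scans process-execution records for `jcmd ... GC.heap_dump` and reports who ran it and where the dump was written. The record format, the `tomcat` account name and every sample line are constructed assumptions; `GC.heap_dump` is the standard `jcmd` diagnostic command for writing a heap dump.

```python
import os
import shlex

# Constructed sample records (not from the advisory), assumed format:
# "<ISO time> user=<account> cmd=<command line>"
SAMPLE_LOG = """\
2025-05-16T02:11:07Z user=tomcat cmd=/usr/java/bin/jcmd 2314 GC.heap_dump /tmp/h.hprof
2025-05-16T02:11:40Z user=root cmd=jcmd -l
2025-05-16T02:12:02Z user=tomcat cmd=sh -c "jcmd 2314 GC.heap_dump filename=/var/tmp/a.bin"
2025-05-16T02:15:30Z user=admin cmd=jcmd 2314 Thread.print
2025-05-16T02:16:00Z user=tomcat cmd=grep -a password /tmp/h.hprof
"""

SERVICE_ACCOUNTS = {"tomcat"}  # assumption: account the web application runs as


def tokens(cmd):
    """Split a command line, also unpacking a quoted `sh -c "..."` payload."""
    out = []
    for tok in shlex.split(cmd):
        out.extend(shlex.split(tok) if " " in tok else [tok])
    return out


def heap_dump_target(cmd):
    """Return the dump file path if cmd is a jcmd heap dump, else None."""
    toks = tokens(cmd)
    for i, tok in enumerate(toks):
        if os.path.basename(tok) == "jcmd" and "GC.heap_dump" in toks[i + 1:]:
            args = toks[toks.index("GC.heap_dump", i + 1) + 1:]
            paths = [a.split("=", 1)[-1] for a in args if not a.startswith("-")]
            return paths[0] if paths else "(unspecified)"
    return None


def detect(log_text):
    """Return one finding per record that invokes a jcmd heap dump."""
    findings = []
    for line in log_text.splitlines():
        ts, user_field, cmd_field = line.split(" ", 2)
        path = heap_dump_target(cmd_field.split("=", 1)[1])
        if path is not None:
            user = user_field.split("=", 1)[1]
            findings.append({"time": ts, "user": user, "dump_file": path,
                             "service_account": user in SERVICE_ACCOUNTS})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A heap dump started by the application's own service account is the case to triage first, since routine diagnostics are normally run from an administrator session; the reported dump file path tells you which artifact to preserve and inspect.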

**Recommendations:**

Ivanti Endpoint Manager Mobile versions prior to 12.5.0.0 are affected.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05713
CVE-2025-4428
GHSA-7V6M-28JR-RG84

Affected Products

Ivanti Endpoint Manager Mobile