PT-2025-20920 · Ivanti · Ivanti Endpoint Manager Mobile

Published: 2025-05-13 · Updated: 2025-07-17 · CVE-2025-4427

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

**Name of the Vulnerable Software and Affected Versions:**

Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and earlier

**Description:**

An authentication bypass vulnerability exists in the API component of Ivanti Endpoint Manager Mobile (EPMM). This flaw allows attackers to access protected resources without proper credentials via the API. Exploitation of this vulnerability has been observed in real-world attacks by the China-linked UNC5221 threat actor, targeting organizations in the defense, healthcare, and finance sectors. These attacks involve the deployment of malware such as KrustyLoader and Sliver. The vulnerability enables unauthenticated Remote Code Execution (RCE). Over 1,400 exposed instances have been identified in the US and Germany.

**Recommendations:**

Ivanti Endpoint Manager Mobile versions prior to 12.5.0.0 should be updated to a fixed version. As a temporary workaround, consider filtering API access to minimize the risk of exploitation.

Fix

RCE

Authentication Bypass Using an Alternate Path or Channel

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05712
CVE-2025-4427
GHSA-7V6M-28JR-RG84

Affected Products

Ivanti Endpoint Manager Mobile