PT-2025-20921 · Ivanti · Ivanti Endpoint Manager Mobile

Published: 2025-05-13 · Updated: 2025-07-17 · CVE-2025-4428

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior

**Description:**

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, contains a vulnerability caused by improper code generation that allows a remote attacker to execute arbitrary code. Exploitation relies on Spring Expression Language (Spring EL) injection. The vulnerability is actively exploited by a China-nexus threat actor (UNC5221) targeting organizations worldwide, including those in Germany, the UK, the US, Japan, and Korea. Attackers have been observed dumping heap memory from Tomcat Java processes using `jcmd` to search for sensitive information.

**Recommendations:**

Ivanti Endpoint Manager Mobile versions prior to 12.5.0.0 are affected.

Update to a newer version of Ivanti Endpoint Manager Mobile to address this vulnerability.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05713
CVE-2025-4428
GHSA-7V6M-28JR-RG84

Affected Products

Ivanti Endpoint Manager Mobile