The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware of 2 vulnerabilities, one medium and one high severity, in Ivanti Endpoint Manager Mobile (EPMM). The ASD’s ACSC recommends organisations patch to the latest version of Ivanti EPMM, available through Ivanti’s download portal, and investigate whether their systems have been compromised. This alert is relevant to large Australian businesses, organisations, and government. This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services.
Background / What’s Happened?
ASD’s ACSC is tracking 2 vulnerabilities in Ivanti EPMM:
- CVE-2025-4427: Medium severity Authentication Bypass
- CVE-2025-4428: High severity Remote Code Execution
When chained together, these vulnerabilities can provide unauthenticated attackers Remote Code Execution. All versions of Ivanti EPMM prior to and including 12.5.0.0 are vulnerable.
Mitigation / How Do I Stay Secure?
Australian organisations should review their networks for the use of Ivanti EPMM and apply the latest patches available through Ivanti’s download portal. Organisations should review Ivanti’s advisory for mitigation advice until they are able to implement the required patches. Ivanti has provided Analysis Guidance as part of this advisory to assist organisations in determining any active exploitation.
Assistance / Where Can I Go For Help?
Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371). Read this alert on the website: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/multiple-vulnerabilities-in-ivanti-endpoint-manager-mobile Are you a victim of cybercrime? Visit ReportCyber to take your next steps.