CVE-2025-4428 Ivanti CVE debrief

Who should care

Ivanti EPMM administrators, MDM/MEM platform owners, security operations, vulnerability management, and incident response teams responsible for EPMM deployments.

Technical summary

The supplied sources identify CVE-2025-4428 as a code injection vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM). CISA added the CVE to the Known Exploited Vulnerabilities catalog on 2025-05-19, with a remediation due date of 2025-06-09 and guidance to apply vendor mitigations or discontinue use if mitigations are unavailable. The corpus does not include affected versions, exploit mechanics, or a CVSS score.

Defensive priority

Critical

Recommended defensive actions

• Inventory all Ivanti Endpoint Manager Mobile (EPMM) deployments and confirm whether any instance is exposed or mission-critical.
• Apply vendor mitigations or patches according to Ivanti guidance as soon as possible.
• Prioritize remediation before the CISA KEV due date of 2025-06-09.
• If mitigations are unavailable, follow CISA guidance to discontinue use of the product.
• Review EPMM-related logs, alerts, and administrative activity for suspicious or unexpected behavior.
• Validate incident-response and recovery plans in case containment is needed.

Evidence notes

The source corpus is limited to CISA's Known Exploited Vulnerabilities feed plus official CVE/NVD references. The KEV entry explicitly marks CVE-2025-4428 as known exploited, lists the product as Ivanti Endpoint Manager Mobile (EPMM), sets dateAdded to 2025-05-19 and dueDate to 2025-06-09, and records knownRansomwareCampaignUse as Unknown. No CVSS score or affected-version data was supplied in the corpus.

Official resources