Vulnerability Description
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Endpoint Manager Mobile | < 11.12.0.5 |
Related Weaknesses (CWE)
References
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-MoVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-4427?
CVE-2025-4427 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
How severe is CVE-2025-4427?
CVE-2025-4427 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4427?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Endpoint Manager Mobile.