Vulnerability Description
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Endpoint Manager Mobile | < 11.12.0.5 |
Related Weaknesses (CWE)
References
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-MoVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-4428?
CVE-2025-4428 is a vulnerability with a CVSS score of 7.2 (HIGH). Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
How severe is CVE-2025-4428?
CVE-2025-4428 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4428?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Endpoint Manager Mobile.