These two Ivanti bugs are allowing hackers to target cloud instances - so patch now

  • New research points to the flaws being used in attacks against cloud instances
  • The flaws were previously found in on-prem attacks
  • Ivanti released a patch so apply it now

Two bugs affecting Ivanti’s Endpoint Manager Mobile (EPMM), which were discovered and patched in mid-May, are still being abused in real-life attacks. In fact, attackers are now using them against cloud instances as well.

This is according to cybersecurity researchers at Wiz, who recently published a report detailing the findings.

“Wiz Research has observed ongoing exploitation of these vulnerabilities in-the-wild targeting exposed and vulnerable EPMM instances in cloud environments since May 16th, 2025, coinciding with the publication of POCs by several sources including watchTowr and ProjectDiscovery,” the researchers said in their report.

CISA added the flaws to KEV

The bugs in question are an authentication bypass flaw and a post-authentication remote code execution (RCE) flaw. They are tracked as CVE-2025-4427 and CVE-2025-4428, and neither was given a critical severity score. “While neither of these vulnerabilities have been assigned critical severity, in combination they should certainly be treated as critical,” Wiz added.

Ivanti addressed the vulnerabilities in a patch released in mid-May this year and warned, in a security advisory, of ongoing attacks.

“We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company said at the time. To address the issue, users should install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.

Initially, Ivanti thought the issue only affected on-prem EPMM products. “It is not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products,” the company explained. “We urge all customers using the on-prem EPMM product to promptly install the patch.”

In the meantime, CISA added the two bugs to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch. So far, no threat actors have claimed responsibility for any of the attacks.

Via The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
