Ivanti Releases Security Updates to Fix Multiple RCE Vulnerabilities
Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several products, including Endpoint Manager Mobile (EPMM), Neurons for ITSM (on-premises), Cloud Services Application (CSA), and Neurons for MDM (N-MDM).
These vulnerabilities, ranging from medium to critical severity, could allow attackers to execute remote code, gain administrative access, escalate privileges, or edit unauthorized resources.
Ivanti urges customers to apply patches immediately to protect their environments amid a rapidly evolving threat landscape.
Endpoint Manager Mobile (EPMM) Vulnerabilities
Ivanti disclosed two vulnerabilities in its on-premises EPMM product, stemming from open-source libraries:
- CVE-2025-4427: An authentication bypass (CVSS 5.3, Medium) allowing access to protected resources without credentials.
- CVE-2025-4428: A remote code execution (RCE) flaw (CVSS 7.2, High) enabling arbitrary code execution.
When chained, these vulnerabilities could lead to unauthenticated RCE. According to Ivanti, a “very limited number” of customers have been exploited.
Affected versions include 11.12.0.4, 12.3.0.1, 12.4.0.1, 12.5.0.0, and prior. Customers can mitigate risks by filtering API access using Portal ACLs or an external Web Application Firewall (WAF).
An RPM file is also available for supported versions (12.3, 12.4, 12.5) via a support case. These issues do not affect Ivanti’s cloud-based Neurons for MDM, Sentry, or other products.
Neurons for ITSM (On-Premises) Vulnerability
A critical vulnerability, CVE-2025-22462 (CVSS 9.8, Critical; Environmental Score 6.9, Medium), affects Ivanti Neurons for ITSM (on-premises) versions 2023.4, 2024.2, and 2024.3.
This authentication bypass could allow an unauthenticated remote attacker to gain administrative access, depending on system configuration. No known exploits have been reported.
Patches for May 2025 are available via Ivanti’s download portal (ILS). Customers can reduce risk by securing the IIS website, restricting access to specific IP addresses and domains, or configuring the solution with a DMZ for external users.
Cloud Services Application (CSA) Vulnerability
The Ivanti Cloud Services Application (CSA) is impacted by CVE-2025-22460 (CVSS 7.8, High), a default credentials vulnerability in versions 5.0.4 and prior. This flaw allows a local authenticated attacker to escalate privileges.
No exploits have been reported. Customers should upgrade to CSA 5.0.5, but Ivanti warns that upgrading from 5.0.4 does not automatically apply the fix.
A fresh installation or manual mitigation steps are required, with a future release planned to address this issue. The update is available at Ivanti’s download portal.
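The EPMM, ITSM and CSA sections above each state affected versions in a different form (a list of per-branch ceilings "and prior", exact releases, or a single ceiling). The following script is an added example, not Ivanti's tooling, that triages a constructed on-premises inventory against exactly those version statements; it assumes that "X and prior" means every release up to and including X within X's branch (all but the last version component) plus every earlier branch, and it flags CSA 5.0.5 hosts for the manual check the advisory calls for, since upgrading from 5.0.4 does not apply the fix.

```python
"""
Version triage for the on-premises products in this advisory.

Added example, not Ivanti tooling. Assumptions (not stated by the advisory):
  - "X and prior" covers every release up to and including X within X's
    branch, where a branch is all but the last version component, plus
    every earlier branch.
  - Version strings are dotted integers exactly as the advisory writes them.
"""


def parse_version(text):
    """'12.4.0.1' -> (12, 4, 0, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


# Affected versions copied from the advisory text; nothing else is assumed.
ADVISORY = {
    "EPMM": {"cves": ("CVE-2025-4427", "CVE-2025-4428"),
             "ceilings": ("11.12.0.4", "12.3.0.1", "12.4.0.1", "12.5.0.0")},
    "CSA":  {"cves": ("CVE-2025-22460",), "ceilings": ("5.0.4",)},
    "ITSM": {"cves": ("CVE-2025-22462",), "exact": ("2023.4", "2024.2", "2024.3")},
}


def is_affected(product, version):
    """True if the installed version falls inside the advisory's affected set."""
    entry = ADVISORY[product]
    v = parse_version(version)
    if "exact" in entry:                      # ITSM lists discrete releases
        return v in {parse_version(x) for x in entry["exact"]}
    ceilings = [parse_version(c) for c in entry["ceilings"]]
    by_branch = {c[:-1]: c for c in ceilings}  # (12, 4, 0) -> (12, 4, 0, 1)
    branch_ceiling = by_branch.get(v[:-1])
    if branch_ceiling is not None:
        return v <= branch_ceiling            # a patched build sits above it
    return v < max(ceilings)                  # unlisted older branch is "prior"


def triage(inventory):
    """Return one finding per (host, product, version) row."""
    findings = []
    for host, product, version in inventory:
        affected = is_affected(product, version)
        note = ""
        # Advisory caveat: an in-place upgrade from CSA 5.0.4 to 5.0.5 does not
        # apply the fix, so 5.0.5 hosts still need a manual confirmation.
        if product == "CSA" and parse_version(version) == (5, 0, 5):
            note = "confirm fresh install or manual mitigation (upgrade from 5.0.4 does not apply fix)"
        findings.append({
            "host": host, "product": product, "version": version,
            "affected": affected,
            "cves": ADVISORY[product]["cves"] if affected else (),
            "note": note,
        })
    return findings


# Constructed sample inventory; hostnames and versions are made up for the demo.
INVENTORY = [
    ("epmm-01", "EPMM", "12.4.0.1"),   # listed ceiling: affected
    ("epmm-02", "EPMM", "12.4.0.2"),   # above its branch ceiling: not affected
    ("epmm-03", "EPMM", "12.2.1.0"),   # older unlisted branch: affected
    ("itsm-01", "ITSM", "2024.2"),     # listed release: affected
    ("itsm-02", "ITSM", "2024.4"),     # not listed: not affected
    ("csa-01",  "CSA",  "5.0.4"),      # affected
    ("csa-02",  "CSA",  "5.0.5"),      # not affected, but carries the caveat
]

if __name__ == "__main__":
    for f in triage(INVENTORY):
        flag = "AFFECTED" if f["affected"] else "ok"
        print(f"{f['host']:8} {f['product']:5} {f['version']:10} {flag:9} "
              f"{' '.join(f['cves'])} {f['note']}")
```

Run it as-is to see the constructed inventory scored; in practice the `INVENTORY` rows would come from your CMDB or a scan export. Rows that are not affected still deserve a look when the note field is set, because the advisory's CSA caveat means a version number alone does not prove the fix is in place.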
Neurons for MDM (N-MDM) Vulnerability
An improper authorization vulnerability (CVSS 5.4, Medium) in Ivanti Neurons for MDM (N-MDM) version R110 allows unauthenticated remote attackers to edit or delete unauthorized resources.
No CVE was assigned, as the issue did not meet CVE criteria, but Ivanti disclosed it for transparency.
The fix was automatically applied to all cloud environments, and version R114 is unaffected. No exploits have been reported.
Ivanti urges customers to apply patches immediately and review configurations to minimize risks.