Ivanti Distributes Patch for Actively Exploited Zero-Day Vulnerability


Ivanti customers are at risk of falling victim to a cyberattack, as hackers are actively exploiting a zero-day bug.

Hackers have combined two relatively harmless bugs in Ivanti software into a successful attack vector. CVE-2025-4427 (CVSS 5.3) and CVE-2025-4428 (CVSS 7.2) are being chained together to compromise organizations via Ivanti Endpoint Manager Mobile (EPMM). The risk is not hypothetical: attacks are already taking place today.

Especially Germany

EPMM is used by companies worldwide to manage corporate devices and secure files. In Belgium, Shadowserver detects 25 EPMM systems, in the Netherlands 68, and in Luxembourg 50. In France, there are 65 detectable EPMM installations. In most European countries, the impact is of that magnitude, except in Germany. There, the numbers are more alarming, with just under 1,000 detectable EPMM systems.

Ivanti has rolled out a patch, which administrators should install immediately. The following versions of the software are vulnerable:

  • 11.12.0.4 and older
  • 12.3.0.1 and older
  • 12.4.0.1 and older
  • 12.5.0.0 and older
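To triage an inventory against this list, the sketch below classifies EPMM version strings. It is an added example, not Ivanti's tooling. It assumes each entry is the last vulnerable build of its release branch and that any branch the list does not name is covered by "and older" if it predates the newest entry; the status names and hostnames are constructed.

```python
import re

# Last vulnerable build per release branch, copied from the list above.
LAST_VULNERABLE = {
    (11, 12): (11, 12, 0, 4),
    (12, 3): (12, 3, 0, 1),
    (12, 4): (12, 4, 0, 1),
    (12, 5): (12, 5, 0, 0),
}
NEWEST_LISTED = max(LAST_VULNERABLE.values())

def parse_version(text):
    """Return a 4-part tuple for '12.4.0.1' or '12.4'; None if no version is found."""
    match = re.search(r"\d+(?:\.\d+){1,3}", text)
    if match is None:
        return None
    parts = [int(p) for p in match.group().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return 'vulnerable', 'not-listed' or 'unparseable' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unparseable"  # cannot be cleared automatically; check by hand
    threshold = LAST_VULNERABLE.get(version[:2])
    if threshold is not None:
        return "vulnerable" if version <= threshold else "not-listed"
    # Assumption: an unnamed branch older than the newest entry counts as "and older".
    return "vulnerable" if version < NEWEST_LISTED else "not-listed"

def triage(inventory):
    """Map host -> status, with hosts that need attention first."""
    order = {"vulnerable": 0, "unparseable": 1, "not-listed": 2}
    results = {host: classify(version) for host, version in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "epmm-ams.example.internal": "12.4.0.1",
    "epmm-ber.example.internal": "12.5.0.1",
    "epmm-bru.example.internal": "11.10.0.3",
    "epmm-lux.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {host}")
```

A "not-listed" result only means the version is absent from the list above; confirm the fixed build for each branch against Ivanti's advisory before closing the ticket.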

At this time, there are no clear indicators of exploitation. Those in doubt should contact Ivanti’s support service directly. The vulnerabilities in question are reportedly not in Ivanti’s own code, but in two unnamed open-source libraries.

The plumbers at Ivanti are certainly hard at work. The company patched another serious vulnerability: CVE-2025-22462, with a score of 9.8. This bug affects on-premises instances of Neurons for ITSM and is not yet being actively exploited. Last year, Ivanti also experienced some setbacks with bugs and vulnerabilities.