Skip to content
Email: info@itamindia.com
Login/Register
iTAM India - IT Asset Management
  • Home
  • About
    • About ITAM India
    • Teaching Faculty
    • ITAM India FAQs
    • Careers
    • Contact
  • Courses
    • Instructor Led Online
    • On-demand Courses
  • Certification
    • ITAM India Certifications
  • Resource
    • ITAM Glossary
    • Sys Admin Glossary
    • News
    • Blog
  • My Account
0

Currently Empty: ₹0.00

Continue shopping

iTAM India - IT Asset Management
  • Home
  • About
    • About ITAM India
    • Teaching Faculty
    • ITAM India FAQs
    • Careers
    • Contact
  • Courses
    • Instructor Led Online
    • On-demand Courses
  • Certification
    • ITAM India Certifications
  • Resource
    • ITAM Glossary
    • Sys Admin Glossary
    • News
    • Blog
  • My Account

Ivanti patches two zero-days under active attack as intel agency warns customers

Home » Blog » Ivanti patches two zero-days under active attack as intel agency warns customers
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
News

Ivanti patches two zero-days under active attack as intel agency warns customers

  • May 15, 2025
  • Com 0

Australia’s intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.

The Australian Signals Directorate (ASD) issued a critical warning about CVE-2025-4427 (5.3) and CVE-2025-4428 (7.2) earlier today. Individually, the two bugs seem fairly unalarming, but together they can be, and have been, used to exploit Ivanti customers.

“We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” said Ivanti in its advisory, which was released alongside the patches for Ivanti Endpoint Manager Mobile (EPMM).

EPMM is used by Ivanti customers to manage company-issued devices and applications on those devices, while providing secure access to sensitive or confidential content such as company documents.

Although EPMM can be used by all types of organizations, the ASD’s advisory stated that the information was intended for large organizations and government entities, suggesting the EPMM vulnerabilities are less likely to affect smaller companies.

The affected EPMM versions include:

  • 11.12.0.4 and earlier
  • 12.3.0.1 and earlier
  • 12.4.0.1 and earlier
  • 12.5.0.0 and earlier

All four series of the software have patches available, but if customers can’t apply them right away, they can mitigate the threat of chained attacks by filtering access to the API using either the Portal ACLs functionality or via an external WAF, Ivanti said.

If customer are concerned about whether they are compromised or not, Ivanti urged them to contact its support team in lieu of providing indicators of compromise.

Share on:
Sheshagiri Anegondi

Sheshagiri helps companies reduce Software License & Support costs through deployment optimization and risk management in software license compliance audits. His core skills are Software License Management, Enterprise Software Sales & Sales Management.

Microsoft boots 3% of staff in latest cull, middle managers first in line
Microsoft proposes sweeping global concessions to Teams for up to a decade

News

  • Broadcom sends VMware to record revenue,
  • Microsoft will stop pestering Windows users about Edge in EU
  • Microsoft is opening Windows Update to third-party apps
  • Stargate UAE will be live in 2026
  • Adobe says: users must pay up or downgrade
View All
License Compliance

Tags

Design Development Future licensing microsoft News Software
iTAM India - IT Asset Management

Empowering India with accredited education in SAM, HAM, ITOM, InfoSec and FinOps

Address: 408, Vashi Infotech Park, Sector 30A, Vashi, Navi Mumbai 400703
Email: info@itamindia.com

ITAM India

  • About ITAM India
  • Careers
  • Instructor Led Online Courses
  • On-Demand Courses
  • ITAM India Certified Credentials
  • OEM Credentials Practice Tests
  • FAQs

Learn

  • A listing of ITAM Skills
  • Network Monitoring
  • Hardware Asset Management
  • Software License Management
  • Software Asset Management
  • Information Security
  • CMDB
  • FinOps
  • IT Vendor Management

Contacts

Email Us
Icon-linkedin2 Icon-instagram Icon-twitter
Copyright 2025 ITAM India. All Rights Reserved.
iTAM India - IT Asset Management
Cancel Preloader