CVE Vulnerabilities

CVE-2025-4427

Authentication Bypass Using an Alternate Path or Channel

Published: May 13, 2025 | Modified: May 21, 2025
CVSS 3.x: 7.5 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name                     Vendor  Start Version         End Version
Endpoint_manager_mobile  Ivanti  *                     11.12.0.5 (excluding)
Endpoint_manager_mobile  Ivanti  12.3.0.0 (including)  12.3.0.2 (excluding)
Endpoint_manager_mobile  Ivanti  12.4.0.0 (including)  12.4.0.2 (excluding)
Endpoint_manager_mobile  Ivanti  12.5.0.0 (including)  12.5.0.0 (including)
