What is the CVSS score of CVE-2025-4428?

CVE-2025-4428 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 45.3%.

Which versions of Endpoint Manager Mobile are affected by CVE-2025-4428?

CVE-2025-4428 presents moderate security risk, a code injection vulnerability rated CVSS 7.2.

Is CVE-2025-4428 being actively exploited?

Yes, CVE-2025-4428 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-4428?

Within 24 hours: Identify all affected systems running API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Endpoint Manager Mobile CVE-2025-4428

HIGH

Code Injection (CWE-94)

2025-05-13 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

RCE Code Injection Ivanti Endpoint Manager Mobile

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:41 vuln.today

Added to CISA KEV

Oct 24, 2025 - 13:55 cisa

CISA KEV

CVE Published

May 13, 2025 - 16:15 nvd

HIGH 7.2

DescriptionNVD

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

AnalysisAI

Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests.

Technical ContextAI

The CWE-94 code injection in EPMM's API processes crafted requests that inject executable code into server-side operations. While requiring authentication, the API is accessible to any authenticated EPMM user.

RemediationAI

Apply Ivanti security updates. Restrict API access. Audit EPMM configurations for unauthorized changes. Monitor managed devices for suspicious profile installations.