=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN718
_____________________________________________________________________

DATE                : 17/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Endpoint Manager Mobile (EPMM)
                   versions prior to 12.6.0.2, 12.5.0.4, 12.4.0.4.

=====================================================================
https://forums.ivanti.com/s/article/Security-Advisory-Endpoint-Manager-Mobile-EPMM-10-2025-Multiple-CVEs?language=en_US
_____________________________________________________________________

Security Advisory Endpoint Manager Mobile (EPMM) 10/2025 (Multiple
CVEs)

Primary Product
Ivanti Endpoint Manager Mobile (Core)

Categories
Security

Created Date
14-Oct-2025 13:58:09

Last Modified Date
14-Oct-2025 16:36:16
 

Security Advisory Endpoint Manager Mobile (EPMM) (Multiple CVEs) 

 

Summary 

Ivanti has released updates for EPMM which address one medium and
three high severity vulnerabilities. Successful exploitation
requires authentication and could lead to remote code execution.

We are not aware of any customers being exploited by these
vulnerabilities at the time of disclosure. 


Vulnerability Details: 

CVE Number            : CVE-2025-10242
Description           : OS command injection in the admin panel of
                        Ivanti EPMM before version 12.6.0.2, 12.5.0.4,
                        and 12.4.0.4 allows a remote authenticated
                        attacker with admin privileges to achieve
                        remote code execution.
CVSS Score (Severity) : 7.2 (High)
CVSS Vector           : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE                   : CWE-78

CVE Number            : CVE-2025-10243
Description           : OS command injection in the admin panel of
                        Ivanti EPMM before version 12.6.0.2, 12.5.0.4,
                        and 12.4.0.4 allows a remote authenticated
                        attacker with admin privileges to achieve
                        remote code execution.
CVSS Score (Severity) : 7.2 (High)
CVSS Vector           : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE                   : CWE-78

CVE Number            : CVE-2025-10985
Description           : OS command injection in the admin panel of
                        Ivanti EPMM before version 12.6.0.2, 12.5.0.4,
                        and 12.4.0.4 allows a remote authenticated
                        attacker with admin privileges to achieve
                        remote code execution.
CVSS Score (Severity) : 7.2 (High)
CVSS Vector           : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE                   : CWE-78

CVE Number            : CVE-2025-10986
Description           : Path traversal in the admin panel of Ivanti
                        EPMM before version 12.6.0.2, 12.5.0.4, and
                        12.4.0.4 allows a remote authenticated
                        attacker with admin privileges to write data
                        in unintended locations on disk.
CVSS Score (Severity) : 4.7 (Medium)
CVSS Vector           : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE                   : CWE-22

 

Affected Versions 

Product Name          : Ivanti Endpoint Manager Mobile (EPMM)
Affected Version(s)   : 12.6.0.1, 12.5.0.2, 12.4.0.3 and all prior
Affected CPE(s)       : cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.0.2:*:*:*:*:*:*:*
                        cpe:2.3:a:ivanti:endpoint_manager_mobile:12.4.0.3:*:*:*:*:*:*:*
Resolved Version(s)   : 12.6.0.2, 12.5.0.4, 12.4.0.4
Patch Availability    : Download Portal https://portal.ivanti.com/

 

Solution 

These vulnerabilities are resolved in the latest versions of the
product, which are available from the download portal (login
required):

    Ivanti Endpoint Manager Mobile 12.6.0.2, 12.5.0.4 and 12.4.0.4


Mitigation or Workaround

Update to the latest versions listed above.
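
The check below is an added example, not part of the Ivanti or CERT-Renater advisory: it triages EPMM version strings from an asset inventory against the resolved versions listed above. The hostnames, the build-suffix format and the "not-listed" status for branches newer than 12.6 are assumptions made for the illustration.

```python
import re

# Fixed release per maintained branch, from "Resolved Version(s)" in the advisory.
FIXED = {(12, 6): (12, 6, 0, 2), (12, 5): (12, 5, 0, 4), (12, 4): (12, 4, 0, 4)}
OLDEST_FIXED = min(FIXED.values())

def parse_version(text):
    """Return the leading dotted version as a 4-tuple, zero-padded ("12.5" -> 12.5.0.0)."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def fmt(v):
    return ".".join(str(p) for p in v)

def triage(version_text):
    """Return (status, upgrade_target) for one reported EPMM version."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return ("fixed", None) if v >= fixed else ("affected", fmt(fixed))
    if v < OLDEST_FIXED:
        # "and all prior": no fix exists in this branch, so the target is
        # the oldest fixed release (a later fixed branch is equally valid).
        return ("affected", fmt(OLDEST_FIXED))
    return ("not-listed", None)  # branch newer than the advisory covers

def affected_hosts(inventory):
    """Map host -> upgrade target for every affected entry in {host: version}."""
    out = {}
    for host, version in inventory.items():
        status, target = triage(version)
        if status == "affected":
            out[host] = target
    return out

# Constructed inventory: hostnames and the "-15" build suffix are made up.
SAMPLE_INVENTORY = {
    "epmm-a.example.org": "12.6.0.1",
    "epmm-b.example.org": "12.5.0.4",
    "epmm-c.example.org": "12.4.0.3-15",
    "epmm-d.example.org": "11.12.0.1",
}

if __name__ == "__main__":
    for host, target in affected_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {target} or later")
```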

 

 FAQ 

    Are you aware of any active exploitation of these vulnerabilities? 

We are not aware of any customers being exploited by these
vulnerabilities prior to public disclosure. These vulnerabilities
were disclosed through our responsible disclosure program.   


    How can I tell if I have been compromised? 

Currently, there is no known public exploitation of this
vulnerability that could be used to provide a list of indicators
of compromise. 


    What should I do if I need help?  

If you have questions after reviewing this information, you can
log a case and/or request a call via the Success Portal.


 
Article Number :
000102630



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




