OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution
Metrics
Affected Vendors & Products
References
History
Mon, 14 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti
Ivanti endpoint Manager Mobile |
|
CPEs | cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ivanti
Ivanti endpoint Manager Mobile |
Wed, 09 Jul 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Jul 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution | |
Title | OS command injection in Ivanti Endpoint Manager | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ivanti
Published: 2025-07-08T15:38:48.637Z
Updated: 2025-07-09T14:14:49.148Z
Reserved: 2025-06-27T09:27:02.021Z
Link: CVE-2025-6771

Updated: 2025-07-09T14:14:45.672Z

Status : Analyzed
Published: 2025-07-08T16:15:58.703
Modified: 2025-07-11T17:29:00.883
Link: CVE-2025-6771

No data.