Intel Name: China-nexus threat actor actively exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) vulnerability
Date of Scan: May 30, 2025
Impact: Medium
Summary: A China-nexus threat actor is actively exploiting a critical vulnerability (CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. The flaw, when chained with CVE-2025-4427, enables unauthenticated remote code execution on vulnerable systems. Exploitation has been observed since May 15, 2025, targeting internet-facing Ivanti EPMM instances. Affected sectors include healthcare, finance, defense, telecommunications, aviation, and municipal governments across Europe, North America, and the Asia-Pacific region.