📦

endpoint_manager_mobile

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 8 CISA KEV List
PoC / Exploits 6 Code Available
Total RCEs 12 Remote Access
Total CVEs 48 Total Indexed
Avg. EPSS 23.41% Exploit Prob.
Latest CVE CVE-2026-7821 May 07

Security Vulnerability Index

Page 2 / 5
7.2 CVSS
CVE-2025-10242
RCE

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 9.23%
7.2 CVSS
CVE-2025-6771
RCE

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution

EPSS: 23.85%
7.2 CVSS
CVE-2025-6770
RCE

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution

EPSS: 15.04%
7.2 CVSS
CVE-2025-4428
RCE Exploit Found

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

EPSS: 40.98%
Critical Target
5.3 CVSS
CVE-2025-4427
Exploit Found

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

EPSS: 91.26%
8.8 CVSS
CVE-2024-7612

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.

EPSS: 0.18%
7.5 CVSS
CVE-2024-36132

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.

EPSS: 1.03%
8.8 CVSS
CVE-2024-36131
RCE

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.

EPSS: 3.13%
9.8 CVSS
CVE-2024-36130
RCE

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

EPSS: 1.71%
6.5 CVSS
CVE-2024-34788

An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information

EPSS: 8.16%