Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Ivanti Endpoint Manager Mobile Code Injection Vulnerability Leading to Unauthenticated Remote Code Execution

Vulnerability

Exploited

Patched

A code injection vulnerability has been identified in Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior, 12.6.0.0 and prior, and 12.7.0.0 and prior. This vulnerability allows attackers to execute code remotely without authentication.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system.

Remediation

Users should upgrade to Ivanti Endpoint Manager Mobile version 12.8.0.0 or apply the specific RPM patch available for their current version. Instructions for applying the patch are provided in the Ivanti security advisory.

Added: Jan 29, 2026, 10:31 PM

Updated: Jan 29, 2026, 10:31 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

7.5

exploitability

9.3

remediation

7.7

relevance

2.5

threat

9.6

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

7.5

exploitability

9.3

remediation

7.7

relevance

2.5

threat

9.6

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Ivanti Endpoint Manager Mobile Code Injection Vulnerability Leading to Unauthenticated Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Ivanti Endpoint Manager Mobile

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating