Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Ivanti Endpoint Manager Mobile Code Injection Vulnerability Leading to Unauthenticated Remote Code Execution

Vulnerability

A code injection vulnerability has been identified in Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior, 12.6.0.0 and prior, and 12.7.0.0 and prior. This vulnerability allows attackers to execute code remotely without authentication.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system.

Remediation

Users can apply the Ivanti security update RPM 12.x.0.x or RPM 12.x.1.x, depending on their current version. Instructions for downloading and applying the patch are available on the Ivanti Support Portal. The patch does not survive a version upgrade, so the RPM must be reinstalled if an upgrade is performed after it has been applied.

Added: Jan 29, 2026, 10:30 PM
Updated: Apr 8, 2026, 5:50 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 8.8
remediation: 7.7
relevance: 2.5
threat: 9.3
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.