KEV Entry
CVE-2025-4428
Known Exploited Vulnerability Entry External Catalog
Entry Details
Confirmed Exploited2026-04-08 00:00 UTC
Timestamps
2026-04-08
2026-04-08
Scope
Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: High severity vulnerability. Successful exploitation may lead to unauthenticated remote code execution when chained together with CVE-2025-4427. | Exploitation type: APT | Threat actors: unknown | CWEs: CWE-94 | Origin source: cnw | Notes: https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm
References
- {'id': 'CVE-2025-4428', 'url': 'https://www.cve.org/CVERecord?id=CVE-2025-4428'}
- {'id': 'EUVD-2025-14387', 'url': 'https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-14387'}
- {'id': 'source', 'url': 'https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm'}
4490753b-3c57-49c0-8118-0066ba42672a
cce329bf-df49-4c6e-a027-80be2e6483bd
2026-06-05 17:01 UTC
2026-06-05 17:01 UTC
Evidence
1| Type | Source | Signal | Confidence | Details | GCVE Metadata |
|---|---|---|---|---|---|
| csirt_report | enisa-cnw-kev | successful_exploitation | 0.75 |
View details
|
- |