This alert is relevant to large Australian businesses, organisations, and government.
This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services.
Background
ASD’s ACSC is tracking 2 vulnerabilities in Ivanti EPMM:
- CVE-2025-4427: Medium severity Authentication Bypass
- CVE-2025-4428: High severity Remote Code Execution
When chained together, these vulnerabilities can provide unauthenticated attackers Remote Code Execution.
All versions of Ivanti EPMM prior to and including 12.5.0.0 are vulnerable.
Mitigation advice
Australian organisations should review their networks for the use of Ivanti EPMM and apply the latest patches available through Ivanti’s download portal.
Organisations should review Ivanti’s advisory for mitigation advice until they are able to implement the required patches. Ivanti has provided Analysis Guidance as part of this advisory to assist organisations in determining any active exploitation.
Where to get help
Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).