CVE-2025-4428

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4428

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4428.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4428

Withdrawn

2026-05-04T08:49:36.390528Z

Published

2025-05-13T16:15:32.463Z

Modified

2026-05-04T08:49:36.390528Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "11.12.0.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "12.3.0.0"
            },
            {
                "fixed": "12.3.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "12.4.0.0"
            },
            {
                "fixed": "12.4.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.5.0.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4428.json"