CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities
Summary:
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR) detailing an active malware campaign exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities CVE-2025-4427 and CVE-2025-4428. These flaws allow threat actors to gain unauthorized access to vulnerable systems and deploy malware for persistence, lateral movement, and data exfiltration. The vulnerabilities pose significant risks to both government and private sector networks, particularly those using EPMM for mobile device management.
Security Officer Comments:
This campaign shows how attackers increasingly target exploits in widely deployed enterprise software to maximize their reach. Ivanti EPMM, which manages mobile devices, is a highly desirable target for data exfiltration, espionage, and initial access to corporate networks. The use of multiple malware families suggests a well-coordinated and potentially state-sponsored operation aimed at gaining extended access. The most exposed organizations are those with internet-facing EPMM servers.
Suggested Corrections:
- Immediately apply Ivanti’s latest security patches for CVE-2025-4427 and CVE-2025-4428.
- Audit logs for suspicious activity, including anomalous authentication attempts and unusual device registrations.
- Isolate and reimage compromised systems to prevent persistence.
- Enforce network segmentation to limit lateral movement from EPMM servers.
- Subscribe to CISA’s Known Exploited Vulnerabilities (KEV) catalog and Ivanti’s advisories for updates.
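One way to act on the KEV recommendation above, as an added example that is not part of the original advisory: a Python function that filters a KEV catalog JSON for products in your inventory and flags entries past their due date. The key names match CISA's KEV feed schema; the sample entries, dates and due dates are constructed for this example and are not taken from the live catalog.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV feed (real key names; the
# entries, dates and due dates are made up for this example).
SAMPLE_KEV_JSON = json.dumps({
    "catalogVersion": "example",
    "vulnerabilities": [
        {"cveID": "CVE-2025-4427", "vendorProject": "Ivanti",
         "product": "Endpoint Manager Mobile (EPMM)",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2025-4428", "vendorProject": "Ivanti",
         "product": "Endpoint Manager Mobile (EPMM)",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2024-0000", "vendorProject": "ExampleVendor",
         "product": "Other Product", "dateAdded": "2024-01-01",
         "dueDate": "2024-01-22", "requiredAction": "Apply updates."},
    ],
})


def match_kev_entries(kev_json: str, inventory: dict) -> list:
    """Return KEV entries whose vendor/product match the inventory.

    inventory maps a vendorProject name to product name substrings,
    e.g. {"Ivanti": ["Endpoint Manager Mobile"]}.
    """
    catalog = json.loads(kev_json)
    hits = []
    for entry in catalog.get("vulnerabilities", []):
        wanted = inventory.get(entry.get("vendorProject", ""), [])
        product = entry.get("product", "").lower()
        if any(p.lower() in product for p in wanted):
            hits.append(entry)
    return hits


def triage(kev_json: str, inventory: dict, today_iso: str) -> list:
    """Build a due-date-ordered report of matching KEV entries.

    today_iso is an ISO date (YYYY-MM-DD); an entry is overdue when
    today is later than its CISA dueDate.
    """
    today = date.fromisoformat(today_iso)
    report = []
    for entry in match_kev_entries(kev_json, inventory):
        due = date.fromisoformat(entry["dueDate"])
        report.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due.isoformat(),
            "overdue": today > due,
            "action": entry.get("requiredAction", ""),
        })
    return sorted(report, key=lambda r: (r["due"], r["cve"]))
```

For the live feed, replace SAMPLE_KEV_JSON with the body of CISA's known_exploited_vulnerabilities.json download and run triage on a schedule.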
Link(s):
https://thecyberexpress.com/cisa-mar-cve-2025-4427-28/
https://www.cisa.gov/news-events/al...ener-targeting-ivanti-endpoint-manager-mobile