CVE-2025-4427

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 9 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

91.32%

probability

This CVE has a 91.32% probability of being exploited in the next 30 days.

0% Top 99.7th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-288 · Authentication Bypass by Alternate Path/Channel CWE-306 · Missing Authentication

Exploits & PoC

watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428

PoC CVE-2025-4427 — watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428

1 repo — triés par ⭐ Rechercher sur GitHub ↗

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

TheHackerNews

Ivanti fixes EPMM zero-days chained in code execution attacks

BleepingComputer May 13, 2025

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

TheHackerNews

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

TheHackerNews

CISA exposes malware kits deployed in Ivanti EPMM attacks

BleepingComputer Sep 19, 2025

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

TheHackerNews

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

TheHackerNews Dec 17, 2025

Security Advisory 2025-018

CERT-EU May 16, 2025

Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) (14 mai 2025)

CERT-FR May 14, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 91.32%

Mentions 9

Last Seen Dec 17, 2025

CNA Information

Analyst Note

CVE-2025-4427 is explicitly named as a zero-day in the BleepingComputer article title 'Ivanti fixes EPMM zero-days chained in code execution attacks' with active exploitation confirmed by CISA exposure of malware kits. Published May 2025 with immediate exploitation evidence supports zero-day classification.