CVE-2025-4428

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 9 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

38.31%

probability

This CVE has a 38.31% probability of being exploited in the next 30 days.

0% Top 97.3th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-913 · Improper Control of Dynamically-Managed Code Resources CWE-94 · Code Injection

Exploits & PoC

xie-22/CVE-2025-4428

Ivanti EPMM Pre-Auth RCE Chain

1 repo — triés par ⭐ Rechercher sur GitHub ↗

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

TheHackerNews

Ivanti fixes EPMM zero-days chained in code execution attacks

BleepingComputer May 13, 2025

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

TheHackerNews

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

TheHackerNews

CISA exposes malware kits deployed in Ivanti EPMM attacks

BleepingComputer Sep 19, 2025

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

TheHackerNews

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

TheHackerNews Dec 17, 2025

Security Advisory 2025-018

CERT-EU May 16, 2025

Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) (14 mai 2025)

CERT-FR May 14, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 38.31%

Mentions 9

Last Seen Dec 17, 2025

CNA Information

Analyst Note

CVE-2025-4428 is explicitly named as a zero-day in the BleepingComputer article 'Ivanti fixes EPMM zero-days chained in code execution attacks' and referenced in CERT-EU and CERT-FR security advisories on zero-day vulnerabilities in Ivanti EPMM. The CVE was published 2025-05-13 with concurrent exploitation reports and active malware kit deployments documented by CISA, meeting the zero-day criteria of wild exploitation concurrent with or preceding patch availability.