Critical Flaws in Ivanti Endpoint Manager Mobile Let Attackers Decrypt User Credentials

Ivanti Patches High-Severity Vulnerabilities in Endpoint Manager Mobile – Password Decryption & SQL Injection Risks Identified

Ivanti has released critical security updates for its Endpoint Manager Mobile (EPMM) software, addressing three high-severity vulnerabilities that could allow attackers to decrypt user passwords or extract sensitive data from backend databases.


What’s at Stake

If exploited, these flaws pose a serious threat to organizations, particularly those that rely on EPMM for enterprise mobility and endpoint management. Two of the vulnerabilities involve weak encryption practices, while the third is a classic SQL injection issue; all three could be used to compromise sensitive enterprise credentials and data.


Breakdown of the Vulnerabilities

Ivanti has disclosed the following CVEs, all rated high severity according to the Common Vulnerability Scoring System (CVSS):

Technical Vectors
  • CWE-257 – Improper use of encryption

  • CWE-89 – SQL injection

  • CVSS Vectors:

    • CVE-2025-6995/6996: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

    • CVE-2025-7037: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H


Affected Versions & Patching Guidance

Ivanti recommends immediate upgrades to the patched versions via the Ivanti Licensing Portal (login required). These updates fully mitigate the identified vulnerabilities.

Risk & Exposure

Ivanti confirms that no in-the-wild exploitation has been detected. The vulnerabilities were responsibly disclosed via Ivanti's security program, enabling patches before any known attacks occurred. However, given the nature of the flaws:

  • The password decryption issues require local access but could enable lateral movement inside compromised networks.

  • The SQL injection flaw provides a remote attack vector for privileged users—significantly increasing the potential threat surface.


Why This Matters

These vulnerabilities highlight the growing risk landscape around endpoint and mobile device management tools. Attackers continue to target infrastructure-level software for credential harvesting and data access.

Organizations are strongly advised to:

  • Patch all affected EPMM deployments immediately.

  • Audit EPMM agent components for unauthorized access or anomalies.
