Hundreds of Ivanti EPMM Servers Exposed to Active Attack in Germany
By Netvora Tech News
A leading cybersecurity foundation has discovered hundreds of Ivanti Endpoint Manager Mobile (EPMM) servers in Germany with an actively exploited vulnerability. In the Netherlands, 16 servers were identified, according to a report by The Shadowserver Foundation. Ivanti EPMM is a mobile management software engine that enables organizations to manage mobile devices remotely, controlling access to specific applications or policies. Last week, Ivanti warned of two actively exploited vulnerabilities in EPMM, CVE-2025-4427 and CVE-2025-4428, which can be combined to allow an unauthenticated attacker to execute code on affected systems and compromise them. The Shadowserver Foundation, a non-profit organization dedicated to combating cybercrime, regularly conducts online research to identify vulnerable systems on the internet. In their latest scan, they found over 800 vulnerable EPMM servers, with Germany leading the pack with 276 machines, followed by the United States with 150. The Netherlands ranked tenth, with 16 vulnerable servers. These vulnerabilities allow attackers to remotely execute code on compromised systems, giving them unauthorized access to sensitive data. The discovery highlights the importance of timely patching and regular security audits to prevent such attacks. The findings emphasize the need for organizations to prioritize security and patching, as well as for the cybersecurity community to continue monitoring and reporting on emerging threats.
Consequences of the Vulnerability
The consequences of this vulnerability are severe, as it allows attackers to compromise sensitive systems and data. This can lead to:
- Unauthorized access to sensitive data
- Execution of malicious code on compromised systems
- Potential data breaches and theft
- Compromised security and integrity of systems
Comments (0)
Leave a comment