Ivanti Releases Critical Security Update for EPMM After Limited Exploits Discovered
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Ivanti has issued an important security advisory addressing vulnerabilities in open-source libraries used in its Endpoint Manager Mobile (EPMM) solution.
The company announced today that a small number of customers have already experienced exploitation of these vulnerabilities, prompting immediate action from the enterprise software provider.
According to Ivanti’s May 13, 2025 security bulletin, the vulnerabilities specifically affect the on-premises version of EPMM, formerly known as MobileIron Core.
The company emphasized that other products, including Ivanti Neurons for MDM (their cloud-based unified endpoint management solution), Ivanti Sentry, and other Ivanti offerings, remain unaffected by these security flaws.
“At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited,” stated Ivanti in their advisory. This follows a pattern of previous security concerns with EPMM, which has experienced multiple vulnerabilities over the past two years.
Critical Security Update for EPMM
Ivanti has developed patches to address the vulnerabilities and is strongly urging all customers using on-premises EPMM to install these updates immediately. The company has mobilized additional support resources to assist customers with implementing the fixes.
“We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns,” noted the company representative. Detailed remediation instructions are available in the Security Advisory published on Ivanti’s forums.
This security issue is noteworthy because of its connection to open-source libraries. The vulnerabilities stem from two open-source components integrated into EPMM rather than Ivanti’s proprietary code. At the time of disclosure, CVEs (Common Vulnerabilities and Exposures) were not assigned to these specific vulnerabilities.
“Ivanti is committed to using open-source code responsibly,” the company stated, explaining that they employ “enterprise grade software composition analysis tools and SBOMs to identify potential issues in the libraries that we use.”
The investigation into these vulnerabilities remains active, with Ivanti acknowledging they “do not have reliable atomic indicators at this time.” The company collaborates with security partners, the broader security community, and law enforcement agencies.
Customers requiring assistance should contact Ivanti’s Support Team through the company’s Success portal, which requires login credentials.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Ivanti Releases Critical Security Update for EPMM After Limited Exploits Discovered
Author: Guru BaranIvanti has issued an important security advisory addressing vulnerabilities in open-source libraries used in its Endpoint Manager Mobile (EPMM) solution.
The company announced today that a small number of customers have already experienced exploitation of these vulnerabilities, prompting immediate action from the enterprise software provider.
According to Ivanti’s May 13, 2025 security bulletin, the vulnerabilities specifically affect the on-premises version of EPMM, formerly known as MobileIron Core.
The company emphasized that other products, including Ivanti Neurons for MDM (their cloud-based unified endpoint management solution), Ivanti Sentry, and other Ivanti offerings, remain unaffected by these security flaws.
“At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited,” stated Ivanti in their advisory. This follows a pattern of previous security concerns with EPMM, which has experienced multiple vulnerabilities over the past two years.
Critical Security Update for EPMM
Ivanti has developed patches to address the vulnerabilities and is strongly urging all customers using on-premises EPMM to install these updates immediately. The company has mobilized additional support resources to assist customers with implementing the fixes.
“We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns,” noted the company representative. Detailed remediation instructions are available in the Security Advisory published on Ivanti’s forums.
This security issue is noteworthy because of its connection to open-source libraries. The vulnerabilities stem from two open-source components integrated into EPMM rather than Ivanti’s proprietary code. At the time of disclosure, CVEs (Common Vulnerabilities and Exposures) were not assigned to these specific vulnerabilities.
“Ivanti is committed to using open-source code responsibly,” the company stated, explaining that they employ “enterprise grade software composition analysis tools and SBOMs to identify potential issues in the libraries that we use.”
The investigation into these vulnerabilities remains active, with Ivanti acknowledging they “do not have reliable atomic indicators at this time.” The company collaborates with security partners, the broader security community, and law enforcement agencies.
Customers requiring assistance should contact Ivanti’s Support Team through the company’s Success portal, which requires login credentials.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
