Select your country

Belgium

China

Denmark

France

Germany

Global

Maghreb & West Africa

Netherlands

Norway

South Africa

Sweden

Switzerland

United Kingdom

Not finding what you are looking for, select your country from our regional selector:

Search

  1. Sweden
  2. Kunskap
  3. Nyheter
  4. Critical Ivanti EPMM Zero-Days Actively Exploited: What Organizations Need to Know

Critical Ivanti EPMM Zero-Days Actively Exploited: What Organizations Need to Know

Nyheter

Share

Two critical zero-day vulnerabilities have been disclosed in Ivanti Endpoint Manager Mobile (EPMM), (formerly known as MobileIron Core), a widely used mobile device management solution. The flaws are already being actively exploited in the wild, prompting urgent mitigation guidance from multiple authorities. 

Why This Matters

Ivanti EPMM sits at the heart of mobile endpoint security, managing devices, policies, certificates, and authentication mechanisms. A successful compromise of such a platform can have far-reaching consequences, extending well beyond a single system. 

What makes this situation particularly concerning is that: 

  • The vulnerabilities allow remote exploitation 

  • No authentication is required 

  • Exploitation has already been confirmed 

In other words, organizations with exposed EPMM instances face immediate risk.

A Familiar Pattern, Escalating Faster

The urgency of the situation is underlined by the unusually short remediation window imposed on certain organizations, measured in days, not weeks (US CISA forces the update to be done before Feb 1st). This reflects both the severity of the flaws and the confidence that threat actors are already leveraging them. 

What Organizations Should Be Thinking About Now

At this stage, the priority for security leaders is not just patching, but understanding: 

  • Whether their environment is exposed 

  • What realistic attack scenarios look like 

  • How this fits into broader threat trends affecting endpoint and identity infrastructure 

These questions go beyond public advisories and require context, prioritization, and intelligence-driven guidance. 

 

Go Further with World Watch

Our World Watch advisory provides subscribers with: 

  • Early intelligence on actively exploited vulnerabilities 

  • Risk scoring and prioritization tailored for security decision-makers 

  • Clear guidance on what matters now vs. what can wait 

  • Context on how vulnerabilities are used by attackers 

Appendix

External links 

Ivanti: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US  

Ivanti: https://forums.ivanti.com/s/article/Analysis-Guidance-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US  

Censys: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.software.product%3A+%22MobileIron%22  

Orange Cyberdefense links 

World Watch advisory on CVE-2025-4427: https://portal.cert.orangecyberdefense.com/worldwatch/advisory/1963  

Our Managed Vulnerability Intelligence [watch] clients can directly consult the advisory including all the details related to this vulnerability from this address on our Threat Defense Center portal:  
https://portal.cert.orangecyberdefense.com/vulns/123985  
If you're interested to know more about this OCD managed service, please reach us at team[AT]cert.orangecyberdefense.com, indicating you're a World Watch beneficiary.  

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.