CNNVD-202510-1997 Information

CNNVD ID

CNNVD-202510-1997

Related CVE

CVE-2025-10243

• CNNVD Published: 2025-10-14

Description (Chinese)

Ivanti EPMM是美国Ivanti公司的一款使 IT 部门能够为移动设备、应用程序和内容设置策略的产品。 Ivanti EPMM 12.6.0.2之前版本、12.5.0.4版本和12.4.0.4版本存在操作系统命令注入漏洞，该漏洞源于管理面板中存在OS命令注入，可能导致远程代码执行。

Description (English)

Ivanti EPM is a product of the American company Ivanti that enables the IT sector to set strategies for mobile devices, applications and content. Prior to Ivanti EPM12.6.0.2, Versions 12.5.0.4 and 12.4.0.4 have a gap in the operating system command, which arises from the presence of an OS injection in the management panel and may lead to remote code execution.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Ivanti

Published

2025-10-14

Last Modified

2026-02-24

References

https://forums.ivanti.com/s/article/Security-Advisory-Endpoint-Manager-Mobile-EPMM-10-2025-Multiple-CVEs?language=en_US https://access.redhat.com/security/cve/cve-2025-10243

Patch

https://forums.ivanti.com/s/article/Security-Advisory-Endpoint-Manager-Mobile-EPMM-10-2025-Multiple-CVEs?language=en_US