OS Command Injection Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2025-6771

7.2HIGH

Key Information:

Vendor: Ivanti
Status: Endpoint Manager Mobile
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-6771?

A significant OS command injection vulnerability exists in Ivanti Endpoint Manager Mobile before versions 12.5.0.2, 12.4.0.3, and 12.3.0.3. This flaw allows a remote authenticated attacker with elevated permissions to execute arbitrary operating system commands on the affected device. Successful exploitation could result in unauthorized access and control over the system, potentially compromising sensitive data and system integrity.

Affected Version(s)

Endpoint Manager Mobile 12.5.0.2

Endpoint Manager Mobile 12.4.0.3

Endpoint Manager Mobile 12.3.0.3

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 27, 2025