|
86535 | 86535 | "targets": [ |
86536 | 86536 | "Automatic" |
86537 | 86537 | ], |
86538 | | - "mod_time": "2025-06-04 12:56:51 +0000", |
| 86538 | + "mod_time": "2025-06-04 15:24:43 +0000", |
86539 | 86539 | "path": "/modules/exploits/linux/local/udev_persistence.rb", |
86540 | 86540 | "is_install_path": true, |
86541 | 86541 | "ref_name": "linux/local/udev_persistence", |
|
99833 | 99833 | "session_types": false, |
99834 | 99834 | "needs_cleanup": null |
99835 | 99835 | }, |
| 99836 | + "exploit_multi/http/ivanti_epmm_rce_cve_2025_4427_4428": { |
| 99837 | + "name": "Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution", |
| 99838 | + "fullname": "exploit/multi/http/ivanti_epmm_rce_cve_2025_4427_4428", |
| 99839 | + "aliases": [], |
| 99840 | + "rank": 600, |
| 99841 | + "disclosure_date": "2025-05-13", |
| 99842 | + "type": "exploit", |
| 99843 | + "author": [ |
| 99844 | + "CERT-EU", |
| 99845 | + "Sonny Macdonald", |
| 99846 | + "Piotr Bazydlo", |
| 99847 | + "remmons-r7" |
| 99848 | + ], |
| 99849 | + "description": "This module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM,\n tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated\n access to an administrator web API endpoint, which allows for code execution via expression\n language injection. This module executes in the context of the 'tomcat' user. This module\n should also work on many versions of MobileIron Core (rebranded as Ivanti EPMM).", |
| 99850 | + "references": [ |
| 99851 | + "CVE-2025-4427", |
| 99852 | + "CVE-2025-4428", |
| 99853 | + "URL-https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US", |
| 99854 | + "URL-https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428", |
| 99855 | + "URL-https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability" |
| 99856 | + ], |
| 99857 | + "platform": "Python", |
| 99858 | + "arch": "python", |
| 99859 | + "rport": 443, |
| 99860 | + "autofilter_ports": [ |
| 99861 | + 80, |
| 99862 | + 8080, |
| 99863 | + 443, |
| 99864 | + 8000, |
| 99865 | + 8888, |
| 99866 | + 8880, |
| 99867 | + 8008, |
| 99868 | + 3000, |
| 99869 | + 8443 |
| 99870 | + ], |
| 99871 | + "autofilter_services": [ |
| 99872 | + "http", |
| 99873 | + "https" |
| 99874 | + ], |
| 99875 | + "targets": [ |
| 99876 | + "Default" |
| 99877 | + ], |
| 99878 | + "mod_time": "2025-06-03 13:39:01 +0000", |
| 99879 | + "path": "/modules/exploits/multi/http/ivanti_epmm_rce_cve_2025_4427_4428.rb", |
| 99880 | + "is_install_path": true, |
| 99881 | + "ref_name": "multi/http/ivanti_epmm_rce_cve_2025_4427_4428", |
| 99882 | + "check": true, |
| 99883 | + "post_auth": false, |
| 99884 | + "default_credential": false, |
| 99885 | + "notes": { |
| 99886 | + "Stability": [ |
| 99887 | + "crash-safe" |
| 99888 | + ], |
| 99889 | + "Reliability": [ |
| 99890 | + "repeatable-session" |
| 99891 | + ], |
| 99892 | + "SideEffects": [ |
| 99893 | + "ioc-in-logs" |
| 99894 | + ] |
| 99895 | + }, |
| 99896 | + "session_types": false, |
| 99897 | + "needs_cleanup": null |
| 99898 | + }, |
99836 | 99899 | "exploit_multi/http/jboss_bshdeployer": { |
99837 | 99900 | "name": "JBoss JMX Console Beanshell Deployer WAR Upload and Deployment", |
99838 | 99901 | "fullname": "exploit/multi/http/jboss_bshdeployer", |
|
0 commit comments