Questions mount as Ivanti tackles another round of zero-days | CyberScoop<\/title> <meta name=\"description\" content=\"The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren\u2019t buying it.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ivanti-epmm-defects-exploited\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Questions mount as Ivanti tackles another round of zero-days\"> <meta property=\"og:description\" content=\"The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren\u2019t buying it.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ivanti-epmm-defects-exploited\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-28T21:39:37+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-28T21:39:40+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp\"> <meta property=\"og:image:width\" content=\"3000\"> <meta property=\"og:image:height\" content=\"2000\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747771875g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1748220166g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84691\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84691\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fivanti-epmm-defects-exploited%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fivanti-epmm-defects-exploited%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84691 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ivanti-epmm-defects-exploited\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.059233449477\">\n<div class=\"single-article__header-content\" readability=\"35.384279475983\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/ivanti-epmm-defects-exploited\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren\u2019t buying it. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84691\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp 3000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days.webp?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar \/ Alamy Stock Photo) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"81.472684085511\"><body readability=\"168.23428961749\"><\/p>\n<p>Multiple attackers are raiding Ivanti customers\u2019 systems again by exploiting a pair of closely intertwined vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to achieve unauthenticated remote code execution.<\/p>\n<p>The software defects \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2025-4427\">CVE-2025-4427<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4428\">CVE-2025-4428<\/a> \u2014 were exploited as zero-days before Ivanti disclosed and patched the flaws. \u201cWe are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,\u201d Ivanti said in a <a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US\">May 13 security advisory<\/a>. <\/p>\n<p>Attacks have proliferated since then, following a typical pattern where nation-state threat groups hit exploits hard and fast, leaving windows open for cybercriminals to follow soon after in their wake.<\/p>\n<p>Security researchers at <a href=\"https:\/\/blog.eclecticiq.com\/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability\">EclectiqIQ attributed almost 20 attacks<\/a> targeting internet-facing Ivanti EPMM deployments to UNC5221, a China-linked espionage group that has repeatedly attacked Ivanti customers since 2023. The threat group\u2019s latest attack spree marks the fourth time it has exploited zero-days in Ivanti products in less than three years.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Victims span critical sectors in Europe, North America and the Asia-Pacific region, including a \u201ccybersecurity firm specializing in mobile threat defense and enterprise defense security,\u201d Arda B\u00fcy\u00fckkaya, threat intelligence analyst at EclectiqIQ, said in a blog post published May 21. <\/p>\n<p>UNC5221 also stole data from the \u201clargest German telecommunications provider,\u201d U.K.-based health care organizations, an Ireland-based aerospace leasing company, a national health care and pharmaceutical provider in North America, a U.S.-based firearms manufacturer, and a transportation organization that manages airport systems in Houston, according to EclectiqIQ.<\/p>\n<p>GreyNoise, which first warned about a <a href=\"https:\/\/www.greynoise.io\/blog\/surge-ivanti-connect-secure-scanning-activity\">nine-fold surge in scanning activity<\/a> targeting other Ivanti products on April 23, has observed a steady increase in unique IPs attempting to exploit the pair of vulnerabilities in Ivanti EPMM during the past week. GreyNoise has observed <a href=\"https:\/\/viz.greynoise.io\/tags\/ivanti-epmm-cve-2025-4428-rce-attempt\">16 unique malicious IPs<\/a> since it started scanning for exploit attempts May 16, including 10 since Tuesday.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-ivanti-customers-consistently-targeted\">Ivanti customers consistently targeted<\/h5>\n<p>Ivanti\u2019s security products and services are used by many high-value targets, including government agencies and critical infrastructure providers. The company\u2019s far-reaching footprint puts the vendor\u2019s customers in the cross-hairs of cybercriminals and nation-state attackers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Network edge devices \u2014 firewalls, VPNs and routers \u2014 are a frequent and recurring target for attackers, but the challenges faced by Ivanti and its customers since 2024 are pronounced and <a href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\">occur more often than any other vendor in that sector<\/a>.<\/p>\n<p>Data confirms that Ivanti is a repeat offender, shipping software with a high number of vulnerabilities across at least 10 different product lines since 2021.<\/p>\n<p>The Cybersecurity and Infrastructure Security Agency\u2019s known exploited vulnerabilities catalog contains <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?f%5B0%5D=vendor_project%3A817&page=0\">30 Ivanti defects in the past four years<\/a>, with eight of those known to be used in ransomware campaigns. Attackers have exploited seven vulnerabilities in Ivanti products so far this year, according to cyber authorities.<\/p>\n<p>Despite Ivanti\u2019s security travails, the company has engendered broad understanding from analysts, incident response specialists and researchers who defend or empathize with Ivanti\u2019s recurring status as a security vendor under attack.<\/p>\n<p>\u201cIt\u2019s definitely true that there has been a pattern of Ivanti products being targeted, but I\u2019m not sure that that\u2019s necessarily a reflection of their security posture, as it is that they\u2019re just getting absolutely hammered by individuals that are trying to break into these incredibly desired organizations,\u201d Ryan Emmons, staff security researcher at Rapid7, told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-root-cause-of-latest-cves-questioned\">Root cause of latest CVEs questioned<\/h5>\n<p>Ivanti took a different tack in assigning blame for the root cause of CVE-2025-4427 and CVE-2025-4428, asserting that the vulnerabilities are associated with two unnamed open-source libraries integrated into Ivanti EPMM. <\/p>\n<p>\u201cIvanti has released a fix for vulnerabilities associated with open-source libraries used in our on-premise Endpoint Manager Mobile products,\u201d a spokesperson for Ivanti told CyberScoop in a prepared statement. <\/p>\n<p>\u201cWe are actively working with our security partners and the maintainers of the libraries to determine if a CVE against the libraries is warranted,\u201d the spokesperson added. \u201cWe remain committed to collaboration and transparency with our stakeholders and the broader security ecosystem.\u201d<\/p>\n<p>Yet, by applying its own CVEs to the vulnerabilities and patching the flaws internally, Ivanti is at least claiming some level of responsibility for its role and ownership of the defects under active exploitation in the wild, threat researchers said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>When vulnerabilities are discovered in open-source libraries, CVEs are typically assigned to the vulnerability in the library itself, Emmons said.<\/p>\n<p>Oftentimes, there\u2019s some ambiguity around whether the vulnerability ultimately lies with a vendor\u2019s software, a third-party library, or the vendor\u2019s implementation of open-source software. Ivanti maintains the vulnerabilities are entirely linked to unspecified security issues in open-source libraries. <\/p>\n<p>\u201cIvanti is engaged in ongoing discussions with the maintainers regarding CVEs against these libraries,\u201d the company spokesperson said.<\/p>\n<p>Ben Harris, CEO at watchTowr, said he and his colleagues were confused and surprised by how Ivanti framed the vulnerabilities, calling the company\u2019s explanation \u201cborderline disingenuous.\u201d <\/p>\n<p>Researchers at watchTowr <a href=\"https:\/\/labs.watchtowr.com\/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428\/\">reproduced CVE-2025-4427 and CVE-2025-4428<\/a> and took issue with both how Ivanti classified the vulnerabilities and described the root cause. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u200b\u200b\u201dThe root cause of the vulnerability is misuse of a software library,\u201d Harris said. \u201cThey know that it\u2019s not a zero-day in a library that they\u2019re using, but it is down to their code using said library incorrectly, which has introduced this weakness.\u201d<\/p>\n<p>The steps required to exploit the pair of vulnerabilities are also relatively easy and not a complicated chain, researchers said.<\/p>\n<p>\u201cThese were framed as a two-bug chain, when in reality it\u2019s very much a single request, point and shoot,\u201d Emmons said. \u201cThere\u2019s not that much of a multi-stage to it. It\u2019s more so about the root cause.\u201d<\/p>\n<p>The vulnerability that Ivanti describes as an authentication bypass defect, CVE-2025-4427, allows attackers to access a web API endpoint without authentication because access controls aren\u2019t enforced for that API endpoint in Ivanti\u2019s code, researchers told CyberScoop.<\/p>\n<p>\u201cBased on what we saw in the code, there\u2019s no bypass. It just isn\u2019t there,\u201d Harris said, adding that CVE-2025-4427 would more properly be described as an incorrect order of operations vulnerability.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Rapid7 and watchTowr determined that access obtained via CVE-2025-4427 with a single request to the web server allows attackers to initiate unauthenticated remote code execution via CVE-2025-4428 with no additional steps.<\/p>\n<p>\u201cWe\u2019re looking at different versions of reality,\u201d Harris said. \u201cIt\u2019s hard to look at it as anything else than self-inflicted damage.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.7212389380531\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/questions-mount-as-ivanti-tackles-another-round-of-zero-days-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ivanti-epmm-defects-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Questions mount as Ivanti tackles another round of zero-days |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,1209,1765,282,78,452,2182,624,2659,3119,3297,4357,4358,1394,1766,3353,256,310,288,3542,643,3440,1170],"tags":[277,668,1770,286,86,454,2185,629,2661,3120,3298,4359,4360,1395,1771,3357,262,311,294,3545,645,3441,1171],"class_list":["post-7690","post","type-post","status-publish","format-standard","hentry","category-china","category-cisa","category-cve","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-edge-devices","category-espionage","category-exploit","category-firewall","category-firewalls","category-greynoise","category-greynoise-io","category-ivanti","category-known-exploited-vulnerabilities-kev","category-rapid7","category-research","category-technology","category-threats","category-virtual-private-network-vpn","category-vulnerabilities","category-watchtowr-labs","category-zero-days","tag-china","tag-cisa","tag-cve","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-edge-devices","tag-espionage","tag-exploit","tag-firewall","tag-firewalls","tag-greynoise","tag-greynoise-io","tag-ivanti","tag-known-exploited-vulnerabilities-kev","tag-rapid7","tag-research","tag-technology","tag-threats","tag-virtual-private-network-vpn","tag-vulnerabilities","tag-watchtowr-labs","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/edge-devices\/\" rel=\"category tag\">edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewalls\/\" rel=\"category tag\">firewalls<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/greynoise\/\" rel=\"category tag\">greynoise<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/greynoise-io\/\" rel=\"category tag\">GreyNoise IO<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ivanti\/\" rel=\"category tag\">Ivanti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr-labs\/\" rel=\"category tag\">watchTowr Labs<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7690"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7690\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7690,"date":"2025-05-28T16:39:37","date_gmt":"2025-05-28T21:39:37","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84691"},"modified":"2025-05-28T16:39:37","modified_gmt":"2025-05-28T21:39:37","slug":"questions-mount-as-ivanti-tackles-another-round-of-zero-days","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/28\/questions-mount-as-ivanti-tackles-another-round-of-zero-days\/","title":{"rendered":"Questions mount as Ivanti tackles another round of zero-days"},"content":{"rendered":"