Critical Ivanti EPMM CVE-2023-35078 0-Day Actively Exploited
Key Takeaways Ivanti has released an urgent security advisory for its Endpoint Manager Mobile (EPMM) product, specifically for on-premises deployments. The advisory addresses multiple actively...
Key Takeaways
- Ivanti has released an urgent security advisory for its Endpoint Manager Mobile (EPMM) product, specifically for on-premises deployments.
- The advisory addresses multiple actively exploited vulnerabilities, including CVE-2026-6973, which requires administrative authentication.
- Only on-premises EPMM installations are affected; cloud-based solutions like Ivanti Neurons for MDM are not vulnerable.
- Patches are available and should be applied immediately, with Ivanti noting they are quick to install and cause no downtime.
Ivanti EPMM Under Attack: Critical Vulnerabilities Actively Exploited
Ivanti has issued a critical security advisory urging all customers using its on-premises Endpoint Manager Mobile (EPMM) solution to apply immediate patches. The advisory confirms that multiple vulnerabilities, most notably CVE-2026-6973, are being actively exploited in the wild.
Table Of Content
While exploitation activity for CVE-2026-6973, which necessitates administrative authentication, was described as “very limited” at the time of public disclosure, Ivanti emphasized the rapidly shrinking window for remediation. The company highlighted that advanced AI models have drastically accelerated the time-to-exploit for newly disclosed vulnerabilities, reducing it from days to mere hours.
Targeted Product and Scope
The vulnerabilities exclusively impact on-premises versions of Ivanti EPMM. Crucially, Ivanti confirmed that its cloud-based unified endpoint management solution, Ivanti Neurons for MDM, along with Ivanti EPM, Ivanti Sentry, and other Ivanti products, remain unaffected by these specific flaws.
AI Integration in Vulnerability Management
In a significant strategic shift, Ivanti revealed its integration of advanced large language model (LLM) AI systems into its product security and engineering red team processes. This innovative approach has empowered internal security teams to detect and mitigate vulnerabilities that often elude traditional static application security testing (SAST) and dynamic application security testing (DAST) tools.
Ivanti acknowledged that some of the vulnerabilities detailed in its latest advisory were directly uncovered through this AI-assisted methodology. The company maintains a “human in the loop” policy, ensuring all automated or agentic findings are verified by human experts to uphold responsible AI usage within its security program.
EPMM: A Persistent Target for Threat Actors
Ivanti EPMM has consistently been a high-value target for sophisticated threat actors. The CISA Known Exploited Vulnerabilities (KEV) catalog lists at least 31 Ivanti defects since late 2021, with at least 19 vulnerabilities across various Ivanti products exploited within the last two years alone. Previous zero-day campaigns against EPMM include CVE-2025-4427 and CVE-2025-4428 in May 2025, and CVE-2023-35078 and CVE-2023-35082 in 2023, with some attacks attributed to state-sponsored groups, notably from China.
This sustained targeting underscores EPMM’s critical role in enterprise mobile device management infrastructures, making it an attractive entry point for adversaries.
The vulnerabilities detailed in Ivanti’s May 2026 security advisory specifically impact on-premises EPMM installations. Cloud-based Ivanti Neurons for MDM users are not affected. Ivanti has released comprehensive remediation instructions via its official Security Advisory, providing patch packages that the company states can be applied in seconds without causing any downtime.
What You Should Do
- Apply Patches Immediately: All administrators of on-premises Ivanti EPMM instances must apply the available security patches without delay.
- Monitor Logs: Regularly inspect Apache access logs at
/var/log/httpd/https-access_logfor any indicators of attempted or successful exploitation. - Enhance Network Segmentation: Implement robust network segmentation to restrict access to EPMM administrative interfaces exclusively to trusted and isolated networks.
- Review MDM Policies: Conduct a thorough review and harden mobile device management policies to minimize the overall attack surface.
- Stay Informed: Subscribe to Ivanti’s Security Blog and the Ivanti Innovators Hub for real-time alerts and updates on new vulnerabilities.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.