Categories: Cybersecurity

CERT Issues Urgent Warning Over Critical Ivanti Mobile Security Flaw

Pakistan’s National Computer Emergency Response Team (CERT) has issued a high-risk cybersecurity alert after discovering a critical flaw in Ivanti Endpoint Manager Mobile, a system widely used to manage mobile devices in offices and government departments.

Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management (MDM) and Unified Endpoint Management (UEM) solution used by organizations to manage and secure mobile devices, such as smartphones and tablets, across an enterprise or government environment. It helps IT teams control policies for devices, applications, and data from a central platform.

The vulnerability is already being exploited globally and allows hackers to take full control of affected systems without needing a username or password. Authorities have urged organizations to apply emergency fixes without delay.

According to the advisory, the flaw affects on-premises versions of Ivanti Endpoint Manager Mobile (EPMM), a platform used by organizations to manage smartphones, tablets, applications, and security policies from a central system. Such tools are commonly used by enterprises and government bodies to secure mobile access to emails, internal networks, and sensitive data.

Impact

Successful exploitation of these vulnerabilities may result in:

  • Complete System Compromise – Full administrative control of EPMM appliances
  • Sensitive Data Exposure – Access to managed mobile device data and credentials
  • Policy Manipulation – Unauthorized modification of device configurations and security policies
  • Persistent Backdoor Deployment – Long-term unauthorized access
  • Lateral Movement – Pivoting into internal enterprise or government networks
  • Operational Disruption – Loss of mobile device management capabilities
  • Compliance Violations – Breach of regulatory and data protection obligations
  • Supply Chain Risk – Abuse of trusted management infrastructure
  • Espionage Enablement – Targeting of government or critical sector mobile assets
  • Reputational Damage – Loss of trust due to infrastructure compromise

Threat Details

  • Threat Category: Zero-day Remote Code Execution
  • Threat Status: Actively exploited in the wild
  • Root Cause: Improper input handling leading to code injection
  • Exploit Maturity: Weaponized
  • Persistence Risk: High (attackers may implant backdoors)

Vulnerability Information

  • CVE-2026-1281 – Critical unauthenticated code injection (CISA KEV-listed)
  • CVE-2026-1340 – Critical unauthenticated code injection

Affected Functionality:

  • In-House Application Distribution
  • Android File Transfer Configuration

Likely CWE

  • CWE-94 – Improper Control of Code Generation
  • CWE-77 – Command Injection
  • CWE-284 – Improper Access Control

Affected Users

  • Government and critical infrastructure organizations
  • Enterprises using Ivanti EPMM on-premises
  • Mobile device administrators and MDM teams
  • Environments managing sensitive or regulated mobile data
  • Internet-exposed or DMZ-deployed EPMM appliances

Remediation Actions

Immediate Patching (Mandatory)

  • Apply Ivanti’s emergency RPM patches immediately
  • Patch all nodes, including High Availability (HA) members
  • Prioritize internet-facing appliances
  • Verify patch application and system integrity

Permanent Remediation

  • Plan upgrade to EPMM version 12.8.0.0 upon release
  • Reapply RPM patches after upgrades if required

Interim Mitigations (If Patching Is Delayed)

  • Isolate EPMM appliances from untrusted networks
  • Restrict access via firewall rules and segmentation
  • Monitor logs for anomalous behavior
  • Review administrator accounts and authentication settings
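The remediation steps above amount to a triage rule: every on-premises node, HA members included, needs the emergency RPM until it runs the fixed 12.8.0.0 release, and internet-facing appliances go first. The following script is an added illustration of that rule and is not Ivanti or CERT tooling. It works over a hand-built inventory (constructed below); the fields `rpm_patch_applied`, `internet_facing` and `ha_cluster` are assumed inventory attributes, and the only real value it relies on is the 12.8.0.0 release number from the advisory.

```python
"""Triage an inventory of Ivanti EPMM nodes against the emergency fix.

Illustrative script added to this advisory; it is not Ivanti or CERT code.
Inventory fields (rpm_patch_applied, internet_facing, ha_cluster) are assumed
attributes of a hypothetical asset register. 12.8.0.0 is the permanent-fix
release named in the advisory.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FIXED_RELEASE = (12, 8, 0, 0)  # permanent fix version named in the advisory


@dataclass(frozen=True)
class Node:
    hostname: str
    version: str
    rpm_patch_applied: bool      # assumed: emergency RPM recorded as applied
    internet_facing: bool        # assumed: reachable from untrusted networks
    ha_cluster: Optional[str]    # assumed: HA cluster name, None if stand-alone


def parse_version(text: str) -> Tuple[int, ...]:
    """'12.5.1' -> (12, 5, 1, 0); pads to four components for comparison."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def needs_action(node: Node) -> Optional[str]:
    """Return the outstanding action for a node, or None if it is covered."""
    if parse_version(node.version) >= FIXED_RELEASE:
        return None          # already on the permanent fix
    if node.rpm_patch_applied:
        return "upgrade"     # interim RPM in place; plan the 12.8.0.0 upgrade
    return "patch"           # unpatched: apply the emergency RPM now


def triage(nodes: List[Node]) -> List[Tuple[str, str, str]]:
    """Prioritized work list of (hostname, action, reason).

    Ordering: internet-facing first, unpatched before patched-but-not-upgraded,
    HA members before stand-alone nodes, then hostname for a stable result.
    """
    work = []
    for n in nodes:
        action = needs_action(n)
        if action is None:
            continue
        reasons = []
        if n.internet_facing:
            reasons.append("internet-facing")
        if n.ha_cluster:
            reasons.append(f"HA member of {n.ha_cluster}")
        work.append((n, action, ", ".join(reasons) or "internal"))
    work.sort(key=lambda w: (not w[0].internet_facing,
                             w[1] != "patch",
                             w[0].ha_cluster is None,
                             w[0].hostname))
    return [(n.hostname, action, reason) for n, action, reason in work]


def inconsistent_clusters(nodes: List[Node]) -> List[str]:
    """HA clusters whose members are not in the same patch state.

    A cluster is only as patched as its least-patched member, so any mix of
    states means the 'patch all HA members' step is incomplete.
    """
    states: Dict[str, set] = {}
    for n in nodes:
        if n.ha_cluster:
            states.setdefault(n.ha_cluster, set()).add(needs_action(n))
    return sorted(c for c, s in states.items() if len(s) > 1)


# Constructed sample inventory; hostnames and versions are made up.
INVENTORY = [
    Node("epmm-dmz-01", "12.5.1.0", rpm_patch_applied=False, internet_facing=True, ha_cluster="cluster-a"),
    Node("epmm-dmz-02", "12.5.1.0", rpm_patch_applied=True, internet_facing=True, ha_cluster="cluster-a"),
    Node("epmm-int-01", "12.6.0.0", rpm_patch_applied=False, internet_facing=False, ha_cluster=None),
    Node("epmm-lab-01", "12.8.0.0", rpm_patch_applied=False, internet_facing=False, ha_cluster=None),
]

if __name__ == "__main__":
    for hostname, action, reason in triage(INVENTORY):
        print(f"{hostname:14} {action:8} {reason}")
    for cluster in inconsistent_clusters(INVENTORY):
        print(f"WARNING: HA cluster {cluster} has members in different patch states")
```

On the sample inventory the work list puts the unpatched internet-facing HA member first, its patched sibling second (still due for the upgrade), and the internal node last; the lab node on 12.8.0.0 is dropped. `inconsistent_clusters` flags `cluster-a`, which is the case the advisory's "patch all nodes, including HA members" step exists to catch: a cluster with one patched and one unpatched member is still exposed.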