(TLP:CLEAR) CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems
Created: Thursday, September 18, 2025 - 15:06
Categories: Cybersecurity, Federal & State Resources, Security Preparedness
Summary: Today, CISA released a Malware Analysis Report (MAR) detailing the functionality of two sets of malware obtained from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM). These critical vulnerabilities were promptly shared with members in May and can be used in chained attacks to achieve unauthenticated remote code execution.
CISA suggests organizations upgrade Ivanti EPMM systems to the latest version and treat mobile device management systems as high-value assets with strengthened monitoring and restrictions. The report also includes indicators of compromise (IOCs) and YARA and SIGMA rules.
Analyst Note: WaterISAC actively tracks and shares with members critical threats and vulnerabilities related to Ivanti products, as they are widely used within the sector, often have high-risk vulnerabilities associated with them requiring updates, and are targeted by many of the threat actors who focus on the water sector and other critical infrastructure sectors. WaterISAC encourages members to review CISA’s recent MAR and utilize the suggested mitigations, IOCs, and YARA and SIGMA rules.
Original Source: https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-malware-analysis-report-malicious-listener-targeting-ivanti-endpoint-manager-mobile
Mitigation Recommendations:
Related WaterISAC PIRs: 6, 8, 10, 12