On May 13, 2025, Ivanti released a security advisory addressing two zero-day vulnerabilities in their EPMM products. An attacker could chain those vulnerabilities to achieve unauthenticated remote code execution on the vulnerable device. These vulnerabilities have been exploited in a limited number of cases.
CERT-EU strongly recommends applying the update as soon as possible, prioritising Internet facing devices.