Impact
An improper input validation flaw exists in Ivanti Endpoint Manager Mobile (EPMM) versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. A user who is already authenticated with administrative privileges can exploit this defect to execute arbitrary code on the device, leading to full system compromise. The weakness is identified as CWE‑20, indicating that the application does not properly validate or sanitize user-supplied data, thereby allowing an attacker to influence program behavior to their advantage.
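The version boundary stated above can be applied to an inventory as follows. This is an added triage example, not code from Ivanti or OpenCVE; it assumes each fixed release applies to its own 12.x branch, and the host names and version strings in the sample are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
# Assumption: each fix applies to its own branch.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}


def parse_version(text):
    """Return a 4-tuple of ints from a dotted version string, zero-padded."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version_text):
    """Classify one EPMM version string against the advisory's fixed releases."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED:
        return "fixed" if v >= FIXED[branch] else "affected"
    if branch < min(FIXED):
        return "affected"      # older branch: before every fixed release listed
    return "out-of-scope"      # newer than any branch the advisory lists


def triage_inventory(rows):
    """Map host -> status; versions that cannot be parsed are flagged for review."""
    result = {}
    for host, version_text in rows:
        try:
            result[host] = triage(version_text)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("epmm-01.example.internal", "12.6.1.0"),
    ("epmm-02.example.internal", "12.7.0.1 Build 12"),
    ("epmm-03.example.internal", "12.5.0.2"),
    ("epmm-04.example.internal", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected` or `unknown` are the ones to check first for exposed administrative access.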
Affected Systems
Affected are Ivanti Endpoint Manager Mobile deployments up to and including versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. Any installation of these releases that allows remote administrative access is susceptible. Devices running newer releases are considered out of scope for this issue.
Risk and Exploitability
The CVSS score for this vulnerability is 7.2, classifying it as high severity. Exploitation requires remote authentication with administrative rights, meaning the attacker must first compromise or obtain valid credentials. The EPSS score of 5% indicates a very low likelihood of exploitation, though the precise probability remains uncertain. The flaw affects a product used for device management and is included in the CISA KEV catalog, which indicates that it is actively exploited or is a high priority for attackers. Because the code execution is reachable remotely, the potential impact extends to all devices under the compromised administrative account and possibly to the broader network if lateral movement is possible.