CVE-2025-10243 is an OS command injection vulnerability classified under CWE-78, found in the administrative panel of Ivanti Endpoint Manager Mobile (EPMM) prior to versions 12.6.0.2, 12.5.0.4, and 12.4.0.4. The flaw arises due to improper neutralization of special elements in OS commands, allowing an authenticated attacker with administrative privileges to inject and execute arbitrary operating system commands remotely. This vulnerability enables remote code execution (RCE), potentially allowing attackers to take full control over the affected system. The vulnerability requires authentication with admin-level privileges but does not require user interaction, increasing the risk if admin credentials are compromised. The CVSS v3.1 base score is 7.2, reflecting high severity with network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. Although no public exploits have been reported, the vulnerability poses a significant risk to organizations relying on Ivanti EPMM for mobile endpoint management, especially in environments where administrative credentials may be exposed or insufficiently protected. The vulnerability was reserved in September 2025 and published in October 2025, with no patch links provided in the source data, indicating the need for organizations to monitor Ivanti advisories closely for updates.

The potential impact of CVE-2025-10243 is substantial for organizations using Ivanti Endpoint Manager Mobile. Successful exploitation allows attackers to execute arbitrary OS commands with administrative privileges, leading to full system compromise. This can result in unauthorized data access, modification, or deletion, disruption of endpoint management services, and lateral movement within the network. The compromise of mobile endpoint management infrastructure can undermine an organization's security posture by disabling security controls, deploying malicious configurations, or exfiltrating sensitive information. Given the administrative access requirement, insider threats or credential theft scenarios are particularly concerning. The vulnerability affects confidentiality, integrity, and availability, potentially causing operational disruptions and data breaches. Organizations in sectors with high reliance on mobile device management, such as finance, healthcare, government, and critical infrastructure, face elevated risks. The absence of known exploits in the wild currently reduces immediate threat but does not diminish the urgency of remediation due to the vulnerability's high severity and ease of exploitation once admin access is obtained.

To mitigate CVE-2025-10243, organizations should immediately verify the version of Ivanti Endpoint Manager Mobile in use and plan to upgrade to versions 12.6.0.2, 12.5.0.4, or 12.4.0.4 or later once patches are available. In the interim, restrict administrative access to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) for all admin accounts. Conduct thorough audits of admin account usage and credentials to detect potential compromise. Implement network segmentation to isolate the management interface from untrusted networks and monitor for anomalous command execution or privilege escalation attempts. Employ application-layer firewalls or intrusion detection systems capable of detecting command injection patterns targeting the admin panel. Regularly review and harden configurations of the Ivanti EPMM environment to minimize attack surface. Additionally, maintain up-to-date backups and incident response plans tailored to potential endpoint management system compromises. Engage with Ivanti support channels to receive timely patch notifications and verify patch integrity upon release.