CVE-2025-60357

AhnLab · EPP Management

AhnLab EPP Management contains a vulnerability that permits an authenticated attacker to execute unauthorized actions, potentially leading to total system compromise.

Executive summary

A vulnerability in AhnLab EPP Management allows authenticated attackers to gain elevated control, presenting a high risk to organizational security.

Vulnerability

The vulnerability allows an authenticated user to perform unauthorized operations, resulting in a high impact on both confidentiality and integrity. The attack requires network access and a low level of user privileges to trigger the flaw.

Business impact

The ability for an authenticated attacker to achieve total technical impact within the EPP Management system creates a significant risk for security operations. With a CVSS score of 8.1, the potential for unauthorized system changes or data manipulation is severe, necessitating urgent remediation to prevent exploitation.

Remediation

Immediate Action: Contact AhnLab support or review official advisory portals to identify the patched version and apply it immediately.

Proactive Monitoring: Monitor management console logs for unauthorized configuration changes or unexpected administrative activity.

Compensating Controls: Implement strict session timeouts and restrict access to the EPP Management interface to trusted internal segments or VPN-only access.

Exploitation status

Public Exploit Available: Yes (a public proof-of-concept exists on GitHub)

Analyst recommendation

Due to the availability of a public proof-of-concept, the risk associated with this vulnerability is elevated. Security teams must treat this as a high-priority item and coordinate with the vendor immediately to secure their EPP Management deployments.