CVE-2025-60357
AhnLab · EPP Management
AhnLab EPP Management contains a vulnerability that permits an authenticated attacker to execute unauthorized actions, potentially leading to total system compromise.
Executive summary
A vulnerability in AhnLab EPP Management allows authenticated attackers to gain elevated control, presenting a high risk to organizational security.
Vulnerability
The vulnerability allows an authenticated user to perform unauthorized operations, resulting in a high impact on both confidentiality and integrity. The attack requires network access and a low level of user privileges to trigger the flaw.
Business impact
The ability for an authenticated attacker to achieve total technical impact within the EPP Management system creates a significant risk for security operations. With a CVSS score of 8.1, the potential for unauthorized system changes or data manipulation is severe, necessitating urgent remediation to prevent exploitation.
Remediation
Immediate Action: Contact AhnLab support or review official advisory portals to identify the patched version and apply it immediately.
Proactive Monitoring: Monitor management console logs for unauthorized configuration changes or unexpected administrative activity.
Compensating Controls: Implement strict session timeouts and restrict access to the EPP Management interface to trusted internal segments or VPN-only access.
Exploitation status
Public Exploit Available: Yes (a public proof-of-concept exists on GitHub)
Analyst recommendation
Due to the availability of a public proof-of-concept, the risk associated with this vulnerability is elevated. Security teams must treat this as a high-priority item and coordinate with the vendor immediately to secure their EPP Management deployments.