Primary

Context

Ivanti Neurons for ITSM Improper Path Protection Vulnerability Allowing Access Retention

Vulnerability

Patched

A vulnerability in Ivanti Neurons for ITSM (On-Premise) versions through 2025.3 has been identified, allowing remote authenticated attackers to retain access even after their accounts have been disabled. This issue arises from improper protection of an alternate path, enabling unauthorized access persistence.

Impact

Exploitation of this vulnerability allows remote authenticated attackers to maintain access to the application, bypassing account deactivation measures.

Remediation

Users can update to Ivanti Neurons for ITSM version 2025.4 (On-Premise) to address this vulnerability. This version is available for download through the Ivanti License System (ILS). For cloud customers, the fix was applied automatically on 12 December 2025.

Added: Apr 14, 2026, 3:26 PM

Updated: Apr 14, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

4.8

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

4.8

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Neurons for ITSM Improper Path Protection Vulnerability Allowing Access Retention

Vulnerability

Impact

Remediation

Affected Products

Ivanti Neurons for ITSM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating