Primary

Context

Ivanti Neurons for ITSM Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Ivanti Neurons for ITSM (On-Premise) versions through 2025.3. This vulnerability allows remote authenticated attackers to access limited information from other user sessions, requiring user interaction to exploit.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can update to Ivanti Neurons for ITSM version 2025.4 (On-Premise), available in the Ivanti License System. For cloud customers, the fix was applied to all environments on December 12, 2025.

Added: Apr 14, 2026, 3:25 PM

Updated: Apr 14, 2026, 3:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

5.0

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

5.0

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Neurons for ITSM Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ivanti Neurons for ITSM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating