Primary

Context

Ivanti Neurons for ITSM Improper Access Control Vulnerability Allowing Privilege Escalation

Vulnerability

Patched

A vulnerability allowing improper access control has been identified in Ivanti Neurons for ITSM, both in cloud and on-premises versions. This vulnerability enables a remote authenticated attacker to gain administrative access. It arises from inadequate access control measures, allowing unauthorized elevation of privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access, allowing attackers to gain elevated privileges within the application.

Remediation

Users of Ivanti Neurons for ITSM on-premises can update to version 2025.4 Patch 1, 2025.3 Patch 1, or 2025.2 Patch 1. For cloud users, the update has already been applied.

Added: Jun 1, 2026, 7:50 PM

Updated: Jun 1, 2026, 7:50 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

5.2

remediation

7.9

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

5.2

remediation

7.9

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Neurons for ITSM Improper Access Control Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Ivanti Neurons

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating