
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Obtain User Sessions

Ivanti has issued a new security advisory addressing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform.

If left unpatched, these flaws could allow remote authenticated attackers to compromise user sessions and maintain unauthorized access to corporate networks, even after administrators have disabled affected accounts.

The company confirmed that there is currently no evidence of active exploitation in the wild. However, given the nature of ITSM platforms as central management tools, Ivanti warns that organizations should act promptly to mitigate the risk.

Breakdown of the Flaws

The vulnerabilities impact both cloud-based and on-premise deployments running versions 2025.3 and earlier, each posing distinct data security concerns:

  • CVE-2026-4913 (CVSS 5.7): This issue arises from improper protection of an alternate system path. It allows a remote, authenticated attacker to retain access even after their user account is disabled. Known as “zombie access,” this flaw could let malicious insiders or hijacked accounts continue viewing or interacting with internal workflows long after being supposedly removed from the system.
  • CVE-2026-4914 (CVSS 5.4): Classified as a stored Cross-Site Scripting (XSS) vulnerability, this bug enables an attacker to capture sensitive data from other active user sessions. Although exploitation requires interaction from the targeted user, it can lead to session hijacking and unauthorized exposure of operational data across Ivanti’s ITSM platform.
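A defender-side check for the condition described under CVE-2026-4913, added here as an example that is not from Ivanti or the original article: it replays an audit export and flags any request made while an account was disabled. The CSV schema (`timestamp,user,event`), the event names and the sample rows are constructed assumptions, not Ivanti's actual log format.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit export (hypothetical schema: timestamp,user,event).
# Rows are deliberately out of order, as merged exports often are.
SAMPLE_EVENTS = """\
2026-01-10T09:00:00,alice,request
2026-01-10T09:05:00,bob,request
2026-01-10T10:00:00,bob,account_disabled
2026-01-10T10:30:00,bob,request
2026-01-10T12:15:00,carol,request
2026-01-10T11:00:00,carol,account_disabled
2026-01-10T12:00:00,carol,account_enabled
2026-01-10T11:30:00,carol,request
2026-01-10T13:00:00,bob,request
"""


def find_post_disable_activity(csv_text):
    """Return (user, activity_time, disabled_since) for every request made
    while the account was in the disabled state."""
    rows = [
        (datetime.fromisoformat(r[0]), r[1], r[2])
        for r in csv.reader(io.StringIO(csv_text))
        if r  # skip blank lines
    ]
    rows.sort(key=lambda r: r[0])  # replay in chronological order

    disabled_since = {}  # user -> time the account was disabled
    findings = []
    for ts, user, event in rows:
        if event == "account_disabled":
            disabled_since[user] = ts
        elif event == "account_enabled":
            disabled_since.pop(user, None)  # re-enabled: later activity is expected
        elif event == "request" and user in disabled_since:
            findings.append((user, ts.isoformat(), disabled_since[user].isoformat()))
    return findings


if __name__ == "__main__":
    for user, when, since in find_post_disable_activity(SAMPLE_EVENTS):
        print(f"ALERT {user}: activity at {when}, account disabled since {since}")
```

Sorting before replay matters: carol's 11:30 request appears after her re-enable row in the export, and would be missed if the rows were processed in file order.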

Ivanti urges all customers to upgrade their systems to version 2025.4, which includes fixes for both vulnerabilities. Patch procedures differ depending on deployment type:

  • Cloud Deployments: No immediate customer action is required. Ivanti proactively applied the security fixes to all managed cloud environments in December 2025, shielding hosted customers from both CVEs.
  • On-Premise Deployments: Organizations using self-managed versions must manually log into the Ivanti License System (ILS) portal to download and install the latest patch. Delays in applying these updates may leave internal systems exposed to unauthorized session persistence or data leakage.

While these vulnerabilities carry medium CVSS scores, attackers often chain such issues to escalate privileges and move laterally across enterprise networks.

Given the recurring targeting of ITSM platforms in corporate environments, maintaining up-to-date system integrity remains vital for network defense.

Keeping Ivanti Neurons installations patched and monitored ensures organizations can effectively prevent misuse of administrative tools, closing doors that attackers might otherwise exploit to maintain hidden access routes.


The post Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Obtain User Sessions appeared first on Cyber Security News.

rssfeeds-admin
