Security Update News
Update Information
| Title | N-MDM – Security Advisory Ivanti Neurons for MDM (N-MDM) |
|---|---|
| Update ID | IVANTI:E942EB06DEAAFA72C4439868748EDE98 |
| Type | ivanti |
| Published | 2025-11-02T15:00:16 |
| Last Updated | 2025-11-02T15:16:49 |
Security Impact
| CVSS Score | 0.0 |
|---|---|
| Severity | NONE |
| Attack Vector |
Affected CVEs
Update Details
Ivanti has released updates for Ivanti Neurons for MDM (N-MDM) which addresses a medium severity vulnerability.
We are not aware of any customers being exploited by this vulnerability at the time of disclosure.
Vulnerability Details:
Description | CVSS Score (Severity) | CVSS Vector | CWE
—|—|—|—
Incorrect privilege assignment in Ivanti Neurons for MDM before version R110 allows a remote authenticated attacker access to limited functionality without proper authorization. | 5.4 (Medium) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | CWE-266
Affected Versions
Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability
—|—|—|—
Ivanti Neurons for MDM (N-MDM) | R108 and prior | R110 | Cloud service automatically updated as of January 17, 2025
Acknowledgements
Ivanti would like to thank the following for reporting the relevant issues and for working with Ivanti to help protect our customers:
* Mustafa Sanli of HackerOne
*
Note: Ivanti is dedicated to ensuring the security and integrity of our enterprise software products. We recognize the vital role that security researchers, ethical hackers, and the broader security community play in identifying and reporting vulnerabilities. Visit HERE to learn more about our Vulnerability Disclosure Policy.
FAQ
1. Are there any additional actions customers need to take?
No. The cloud service was automatically updated as of January 17, 2025, and there are no additional actions for customers to take.
2. Why isnβt there a CVE number associated with this vulnerability?
This vulnerability did not meet the criteria for reserving a CVE number. We are disclosing the fix of this issue to ensure responsible transparency for our customers.
3. Are you aware of any active exploitation of this vulnerability?
We are not aware of any customers being exploited by this vulnerability prior to public disclosure. This vulnerability was disclosed through our responsible disclosure program.
4. How can I tell if I have been compromised?
Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.
5. What should I do if I need help?
If you have questions after reviewing this information, you can log a case and/or request a call via the Success Portal