Security Update News
Update Information
| Title | Security Advisory March 2025 Ivanti Neurons for MDM (N-MDM) |
|---|---|
| Update ID | IVANTI:2E90A716EC9A2677774047AB2B436B6D |
| Type | ivanti |
| Published | 2025-10-03T18:55:33 |
| Last Updated | 2025-11-03T08:02:40 |
Security Impact
| CVSS Score | 0.0 |
|---|---|
| Severity | NONE |
| Attack Vector |
Affected CVEs
Update Details
Ivanti has released updates for Ivanti Neurons for MDM (N-MDM) which addresses a medium severity vulnerability.
We are not aware of any customers being exploited by this vulnerability at the time of disclosure.
## **Vulnerability Details:**
**Description**| **CVSS Score (Severity)**| **CVSS Vector**| **CWE**
—|—|—|—
An improper check for dropped privileges in Ivanti Neurons for MDM before R112 allows a remote authenticated attacker with admin privileges to retain their session. | 6.7 (Medium)| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H| CWE-273
## **Affected Versions**
**Product Name**| **Affected Version(s)**| **Resolved Version(s)**| **Patch Availability**
—|—|—|—
Ivanti Neurons for MDM (N-MDM) | R110 and prior | R112| Cloud service automatically updated as of 2/24/2025
## **Acknowledgements**
Ivanti would like to thank the following for reporting the relevant issues and for working with Ivanti to help protect our customers:
* * Mustafa Sanli of HackerOne
Note: Ivanti is dedicated to ensuring the security and integrity of our enterprise software products. We recognize the vital role that security researchers, ethical hackers, and the broader security community play in identifying and reporting vulnerabilities. Visit HERE to learn more about our Vulnerability Disclosure Policy.
## **FAQ**
**1\. Why isnβt there a CVE number associated with this vulnerability?**
This vulnerability did not meet the criteria for reserving a CVE number. We are disclosing the fix of this issue to ensure responsible transparency for our customers.
**2\. Are you aware of any active exploitation of this vulnerability?**
We are not aware of any customers being exploited by this vulnerability prior to public disclosure. This vulnerability was disclosed through our responsible disclosure program.
**3\. How can I tell if I have been compromised?**
Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.
**4\. What should I do if I need help?**
If you have questions after reviewing this information, you can log a case and/or request a call via the Success Portal