News

Service vulnerability in NHS Identity Agent - mandatory update required

We have identified there is a medium-severity service vulnerability with all previous versions of the NHS Identity Agent, including v2.4.5.0 and v2.4.6.0.

Date:: 10 September 2025

There is a medium-severity service vulnerability with all previous versions of the NHS Identity Agent, including v2.4.5.0, and v2.4.6.0.

Organisations are required to move to v2.4.10.0 as soon as possible, within your regular patching schedule, and no later than 12 October 2025, as this version resolves this vulnerability.

All previous versions of the Identity Agent client are retired with immediate effect.

You can:

Share this page

Facebook

Twitter

Latest news

19 August 2025 Outages for TLS 1.0 and 1.1 - updated schedule

IT teams need to update to the latest version of Identity Agent. Failure to update could result in authentication issues and service disruption.

9 July 2025 Spine Directory Service (SDS) upgrade on Saturday 19 July 2025

We are carrying out an upgrade to the Spine DEX hosts on Saturday 19 July 2025 between 10:00am and 11:00am.

11 June 2025 REMINDER: changes to NHSE Path to Live environments

The TRAIN and DEV environments will both be decommissioned on 31 July 2025.

30 May 2025 Moving from CIS1 Identity Agent to CIS2 Smartcard Connect

NHS CIS1 Identity Agent will no longer be supported from February 2027 and all organisations will need to use NHS CIS2 Smartcard Connect from that date.

21 May 2025 Action required by IT teams to support ongoing use of Care Identity Service

Important dates for IT teams as we update infrastructure and authentication.

Last edited: 11 September 2025 12:04 pm