CVE-2025-22462

Published: May 13, 2025Modified: Jul 16, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 (Secondary)

Description

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

Affected (4)

Products: Ivanti: Neurons For Itsm

Ivanti

1 product

Neurons For Itsm

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ivanti Neurons For Itsm	Before 2023.4
Ivanti Neurons For Itsm	Version 2023.4
Ivanti Neurons For Itsm	Version 2024.2
Ivanti Neurons For Itsm	Version 2024.3

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (1)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Vendor Advisory

Timeline

No history available yet.