Authentication Bypass in Ivanti Neurons for ITSM for On-Premises Deployments
CVE-2025-22462
What is CVE-2025-22462?
An authentication bypass vulnerability has been identified in Ivanti Neurons for ITSM for on-premises deployments prior to the May 2025 Security Patch. This defect may allow remote, unauthenticated attackers to gain unauthorized administrative access, posing significant risks to system integrity and data security for users of affected versions. Organizations utilizing versions 2023.1 to 2024.3 should implement the latest security patch promptly to mitigate this risk.
Affected Version(s)
Neurons for ITSM (on-prem) 2023.4 w/ May 2025 Security Patch
Neurons for ITSM (on-prem) 2023.4 w/ May 2025 Security Patch
Neurons for ITSM (on-prem) 2024.2 w/ May 2025 Security Patch
News Articles
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.
3 weeks ago
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved