Authentication Bypass in Ivanti Neurons for ITSM for On-Premises Deployments
CVE-2025-22462

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Neurons For Itsm (on-prem)
Vendor: CVE Published:; 13 May 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-22462?

An authentication bypass vulnerability has been identified in Ivanti Neurons for ITSM for on-premises deployments prior to the May 2025 Security Patch. This defect may allow remote, unauthenticated attackers to gain unauthorized administrative access, posing significant risks to system integrity and data security for users of affected versions. Organizations utilizing versions 2023.1 to 2024.3 should implement the latest security patch promptly to mitigate this risk.

Affected Version(s)

Neurons for ITSM (on-prem) 2023.4 w/ May 2025 Security Patch

Neurons for ITSM (on-prem) 2024.2 w/ May 2025 Security Patch

News Articles

BleepingComputer

CVE-2025-22462

Ivanti warns of critical Neurons for ITSM auth bypass flaw

Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2025
📰
First article discovered by BleepingComputer
May 13, 2025
Vulnerability published
May 13, 2025
Vulnerability Reserved
Jan 7, 2025