Authentication Bypass in Ivanti Neurons for ITSM for On-Premises Deployments
CVE-2025-22462

9.8CRITICAL

Key Information:

Vendor

Ivanti

Vendor
CVE Published:
13 May 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-22462?

An authentication bypass vulnerability has been identified in Ivanti Neurons for ITSM for on-premises deployments prior to the May 2025 Security Patch. This defect may allow remote, unauthenticated attackers to gain unauthorized administrative access, posing significant risks to system integrity and data security for users of affected versions. Organizations utilizing versions 2023.1 to 2024.3 should implement the latest security patch promptly to mitigate this risk.

Affected Version(s)

Neurons for ITSM (on-prem) 2023.4 w/ May 2025 Security Patch

Neurons for ITSM (on-prem) 2023.4 w/ May 2025 Security Patch

Neurons for ITSM (on-prem) 2024.2 w/ May 2025 Security Patch

News Articles

Ivanti warns of critical Neurons for ITSM auth bypass flaw

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.

3 weeks ago

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-22462 : Authentication Bypass in Ivanti Neurons for ITSM for On-Premises Deployments