CVE-2025-22462

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22462
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.3:-:*:*:*:*:*:*
History

16 Jul 2025, 18:32

Type Values Removed Values Added
CPE cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.3:-:*:*:*:*:*:*
Summary
  • (es) Una omisión de autenticación en Ivanti Neurons para ITSM (solo local) anterior a 2023.4, 2024.2 y 2024.3 con el parche de seguridad de mayo de 2025 permite que un atacante remoto no autenticado obtenga acceso administrativo al sistema.
First Time Ivanti neurons For Itsm
Ivanti
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462 - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462 - Vendor Advisory

13 May 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-13 16:15

Updated : 2025-07-16 18:32

NVD link : CVE-2025-22462

Mitre link : CVE-2025-22462

CVE.ORG link : CVE-2025-22462

JSON object : View

Products Affected

ivanti

  • neurons_for_itsm
CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel