CVE-2025-22462

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22462
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.3:-:*:*:*:*:*:*
History

16 Jul 2025, 18:32

Type Values Removed Values Added
First Time Ivanti neurons For Itsm
Ivanti
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462 - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462 - Vendor Advisory
Summary
  • (es) Una omisión de autenticación en Ivanti Neurons para ITSM (solo local) anterior a 2023.4, 2024.2 y 2024.3 con el parche de seguridad de mayo de 2025 permite que un atacante remoto no autenticado obtenga acceso administrativo al sistema.
CPE cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.3:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2024.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*

13 May 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-13 16:15

Updated : 2025-07-16 18:32

NVD link : CVE-2025-22462

Mitre link : CVE-2025-22462

CVE.ORG link : CVE-2025-22462

JSON object : View

Products Affected

ivanti

  • neurons_for_itsm
CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel