- Last update: 14/05/2025
- Affected software:
  → Ivanti Neurons for ITSM (on-prem only), versions: 2023.4, 2024.2 and 2024.3
- Type:
  → Authentication Bypass
- CVE/CVSS:
  → CVE-2025-22462: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/MPR:H)
Ivanti Neurons for ITSM is an IT Service Management (ITSM) platform designed to streamline and
automate IT service delivery across organizations. CVE-2025-22462 is a critical vulnerability that allows
unauthenticated attackers to gain administrative access to unpatched systems through low-complexity
attacks. Successful exploitation may expose sensitive ITSM data and allow attackers to move laterally
within the network, potentially leading to widespread system compromise and posing a severe threat to
confidentiality, integrity, and availability.
CVE-2025-22462 is an authentication bypass vulnerability that allows a remote unauthenticated attacker to gain administrative access to the system through low-complexity attacks, potentially resulting in complete system compromise and lateral movement.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.