Warning: CVE-2025-22462, Authentication Bypass Vulnerability in Ivanti Neurons for ITSM leading to Remote Unauthenticated Administrative Access, Patch Immediately!

  • Published: 14/05/2025
  • Last update: 14/05/2025
  • Affected software:
    → Ivanti Neurons for ITSM (on-prem only), versions: 2023.4, 2024.2 and 2024.3
  • Type:
    → Authentication Bypass
  • CVE/CVSS:
    → CVE-2025-22462: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/MPR:H)

Sources

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462

Risks

Ivanti Neurons for ITSM is an IT Service Management (ITSM) platform designed to streamline and automate IT service delivery across organizations. CVE-2025-22462 is a critical vulnerability that allows unauthenticated attackers to gain administrative access to unpatched systems through low-complexity attacks. Successful exploitation may expose sensitive ITSM data and allow attackers to move laterally within the network, potentially leading to widespread system compromise and posing a severe threat to confidentiality, integrity, and availability.

Description

CVE-2025-22462 is an authentication bypass vulnerability that allows a remote unauthenticated attacker to gain administrative access to the system through low-complexity attacks, potentially resulting in complete system compromise and lateral movement.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22462