CVE-2025-22462 | THREATINT

Description

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

PUBLISHED Reserved 2025-01-07 | Published 2025-05-13 | Updated 2025-05-13 | Assigner ivanti

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-288

Product status

Default status

affected

2023.4 w/ May 2025 Security Patch (custom)

unaffected

2024.2 w/ May 2025 Security Patch (custom)

unaffected

2024.3 w/ May 2025 Security Patch (custom)

unaffected

References

forums.ivanti.com/...or-ITSM-on-premises-only-CVE-2025-22462

cve.org (CVE-2025-22462)

nvd.nist.gov (CVE-2025-22462)

Download JSON