CVE-2025-22462
CRITICALIvanti Neurons for ITSM < 2023.4, 2024.2, 2024.3 - Unauthenticated Authentication Bypass
Title source: llmDescription
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0181
EPSS Percentile
75.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-288
Status
published
Products (4)
ivanti/neurons_for_itsm
2023.4
ivanti/neurons_for_itsm
2024.2
ivanti/neurons_for_itsm
2024.3
ivanti/neurons_for_itsm
< 2023.4
Published
May 13, 2025
Tracked Since
Feb 18, 2026