fkie_cve-2025-22462
Vulnerability from fkie_nvd
Published
2025-05-13 16:15
Modified
2025-07-16 18:32
Severity ?
Summary
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | * | |
| ivanti | neurons_for_itsm | 2023.4 | |
| ivanti | neurons_for_itsm | 2024.2 | |
| ivanti | neurons_for_itsm | 2024.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75BA7A8E-E2F2-41B3-9BD1-56CFC430887E",
"versionEndExcluding": "2023.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:-:*:*:*:*:*:*",
"matchCriteriaId": "6DFAC472-854D-4740-913E-A3DC5A48CD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2024.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F20362DA-5407-4FEC-B463-061B1F8DA506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2024.3:-:*:*:*:*:*:*",
"matchCriteriaId": "5D009CE5-D185-4841-99BA-C8EB086C5F01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en Ivanti Neurons para ITSM (solo local) anterior a 2023.4, 2024.2 y 2024.3 con el parche de seguridad de mayo de 2025 permite que un atacante remoto no autenticado obtenga acceso administrativo al sistema."
}
],
"id": "CVE-2025-22462",
"lastModified": "2025-07-16T18:32:09.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
}
]
},
"published": "2025-05-13T16:15:28.530",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…