PT-2025-20908 · Ivanti · Ivanti Neurons For Itsm
Published
2025-05-13
·
Updated
2025-07-16
·
CVE-2025-22462
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Ivanti Neurons for ITSM versions prior to 2023.4
Ivanti Neurons for ITSM versions 2024.2
Ivanti Neurons for ITSM versions 2024.3
Description:
An authentication bypass in Ivanti Neurons for ITSM allows a remote unauthenticated attacker to gain administrative access to the system. The issue is related to authentication bypass, which enables attackers to access the system without proper credentials.
Recommendations:
For Ivanti Neurons for ITSM versions prior to 2023.4, update to version 2023.4 or later to resolve the issue.
For Ivanti Neurons for ITSM version 2024.2, update to a version after 2024.2 to resolve the issue.
For Ivanti Neurons for ITSM version 2024.3, update to a version after 2024.3 to resolve the issue.
As a temporary workaround, consider restricting access to administrative functions until a patch is applied.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Neurons For Itsm