CVE-2025-22462
Published 2025-05-13
Priority: P272 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.87% (76.7th percentile)
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | neurons_for_itsm | < 2023.4 | 2023.4 |
| ivanti | neurons_for_itsm | — | — |
| ivanti | neurons_for_itsm | — | — |
| ivanti | neurons_for_itsm | — | — |
Detection & IOCs (extracted from sources)
- Target product is Ivanti Neurons for ITSM on-premises only; cloud/SaaS instances are not affected. Focus detection on on-prem deployments running versions 2023.4, 2024.2, or 2024.3 without the May 2025 Security Patch.
- Monitor for unauthenticated requests that result in administrative access or privilege escalation on the Ivanti Neurons for ITSM IIS web application. Anomalous admin-level activity from unauthenticated or unexpected source IPs is a key indicator.
- Restrict IIS website access to a limited set of known IP addresses and domain names as a compensating control; alert on access attempts from IPs outside the allowlist.
- For externally accessible deployments, verify DMZ configuration is in place. Detect exposure of the ITSM solution directly to the internet without DMZ as a high-risk configuration indicator.
- Only on-premises deployments are affected. Ivanti Neurons for ITSM cloud/SaaS instances are not vulnerable.
- Risk is reduced (but not eliminated) for deployments where IIS access is restricted to a limited set of IPs/domains per Ivanti hardening guidance.
- Risk is also reduced for externally-accessible deployments that are properly configured with a DMZ.
- As of disclosure, Ivanti found no evidence of active exploitation in the wild.
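The allowlist alerting described in the list above, as an added example (not from Ivanti or any source quoted on this page): it parses IIS W3C extended logs and reports client IPs outside an allowlist, counting anonymous requests that still received a 2xx response. The allowlist networks, log lines and URI stems are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed allowlist (assumption): networks permitted to reach the ITSM IIS site.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.10/32")]

# Constructed IIS W3C extended log sample; the URI stems are placeholders.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-05-14 09:00:01 10.0.0.5 GET /placeholder/login - 443 - 192.0.2.44 Mozilla/5.0 200
2025-05-14 09:00:07 10.0.0.5 POST /placeholder/api - 443 - 203.0.113.9 curl/8.0 200
2025-05-14 09:00:09 10.0.0.5 GET /placeholder/api - 443 - 203.0.113.9 curl/8.0 401
2025-05-14 09:01:30 10.0.0.5 GET /placeholder/home - 443 CORP\\alice 198.51.100.10 Mozilla/5.0 200
2025-05-14 09:02:00 10.0.0.5 GET /placeholder/home - 443 - 198.51.100.11 Mozilla/5.0 302
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def off_allowlist(text, allowlist=ALLOWLIST):
    """Summarise requests whose c-ip is outside every allowlisted network."""
    report = defaultdict(lambda: {"requests": 0, "anonymous_2xx": 0})
    for row in parse_w3c(text):
        try:
            client = ipaddress.ip_address(row["c-ip"])
        except (KeyError, ValueError):
            continue  # no usable client address in this row
        if any(client in net for net in allowlist):
            continue
        entry = report[str(client)]
        entry["requests"] += 1
        # Successful response with no authenticated user name logged
        if row.get("cs-username") == "-" and row.get("sc-status", "").startswith("2"):
            entry["anonymous_2xx"] += 1
    return dict(report)

if __name__ == "__main__":
    for ip, stats in off_allowlist(SAMPLE_LOG).items():
        print(ip, stats)
```

An anonymous 2xx is a triage signal rather than proof of compromise, since login and static pages answer 200 without a user name; the value is in seeing which off-allowlist sources reached the site at all.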
Ivanti
Ivanti Security Advisory: CVE-2025-22462
vendor_ivanti·2025-05-13·CVSS 9.8
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
CVE IDs: CVE-2025-22462
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-288
GHSA
GHSA-c3xm-4wh2-jmcg: An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023
ghsa_unreviewed·2025-05-13·CRITICAL·CWE-288
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti fixes EPMM zero-days chained in code execution attacks
blogs_bleepingcomputer·2025-05-13·CVSS 5.3·MEDIUM
By Sergiu Gatlan
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution.
"Ivanti has released updates for Endpoint Manager Mobile (EPMM) which addresses one medium and one high severity vulnerability," the company said.
"When chained together, successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure."
The first security flaw (CVE-2025-4427) is an authentication bypass in EPMM's API component, allowing attackers to access protected resources on vulnerable devices. The s
Bleepingcomputer
Ivanti warns of critical Neurons for ITSM auth bypass flaw
blogs_bleepingcomputer·2025-05-13·CVSS 7.8·HIGH·CVE-2025-22462
By Sergiu Gatlan
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.
Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration.
As the company highlighted in a security advisory released today, organizations that followed its guidance are less exposed to attacks.
"Customers who have followed Ivanti's guidance on securing the IIS website and restricted access to a limited number of IP addresses and domain names have a reduced risk to their environment," Ivanti said.
"Customers who have users l