9.8

CVE-2025-22462

Medienbericht
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IvantiNeurons For Itsm Version < 2023.4
IvantiNeurons For Itsm Version2023.4 Update-
IvantiNeurons For Itsm Version2024.2 Update-
IvantiNeurons For Itsm Version2024.3 Update-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.87% 0.766
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
3c1d8aa1-5a33-4ea4-8992-aadd6440af75 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462
Vendor Advisory