9.8
CVE-2025-22462
- EPSS 1.87%
- Veröffentlicht 13.05.2025 15:10:17
- Zuletzt bearbeitet 16.07.2025 18:32:09
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Neurons For Itsm Version < 2023.4
Ivanti ≫ Neurons For Itsm Version2023.4 Update-
Ivanti ≫ Neurons For Itsm Version2024.2 Update-
Ivanti ≫ Neurons For Itsm Version2024.3 Update-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.87% | 0.766 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462