CVE Daily

CVE-2025-22462

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4...

Critical CVSS 9.8

Overview

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

CWE: CWE-288 Published: 2025-05-13T16:15:28.530
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags