Ivanti has issued security updates to address a critical vulnerability (CVE-2025-22462) in its Neurons for ITSM product, which could allow attackers to gain unauthorized administrative access. Proper configuration and application of patches are essential for minimizing the risk, especially for on-premises systems.
Affected: Ivanti Neurons for ITSM (on-premises versions 2023.4, 2024.2, 2024.3)
Keypoints
- Ivanti released security patches for a critical authentication bypass vulnerability in Neurons for ITSM.
- The CVE-2025-22462 flaw allows unauthenticated attackers to potentially gain admin access.
- Organizations are advised to follow Ivanti's security guidance and properly configure their systems for reduced risk.
- Additional patches address a default credentials vulnerability (CVE-2025-22460) in Ivanti Cloud Services Appliance.
- Ivanti emphasizes the importance of reinstalling or correctly patching for comprehensive protection against these vulnerabilities.