Severity
High
Analysis Summary
Ivanti has disclosed a critical authentication bypass vulnerability (CVE-2025-22462) in its Neurons for ITSM on-premises solution. This flaw, revealed on May 13, 2025, could allow unauthenticated remote attackers to gain administrative access to affected systems. The vulnerability impacts versions 2023.4, 2024.2, 2024.3, and earlier, with Ivanti noting that only on-premises deployments are affected. Security patches addressing the issue have been released and are available for download via the Ivanti Licensing and Downloads Portal (ILS).
While the vulnerability is rated critical by base CVSS standards, Ivanti has issued an adjusted environmental score of 6.9 for organizations that have applied recommended security measures. These include securing the IIS website and restricting access to the ITSM interface via IP address or domain name filters. Organizations that have placed the ITSM instance behind a DMZ for external access are also considered at lower risk. Ivanti has emphasized the importance of these configurations in mitigating potential exposure until patching is feasible.
As of the disclosure date, Ivanti has not observed any active exploitation of CVE-2025-22462 in the wild. The issue was discovered through Ivanti’s responsible disclosure program. However, given the high severity, the company strongly advises immediate patching. For environments unable to patch promptly, following the mitigation steps, especially limiting access and securing public-facing components, remains essential to reduce the attack surface.
This vulnerability adds to a growing list of security issues plaguing Ivanti products. In April 2025, a critical flaw (CVE-2025-22457) in Ivanti’s Connect Secure VPN was actively exploited by threat actors believed to be linked to China. Additionally, critical bugs that could allow command execution were patched in Standalone Sentry and Neurons for ITSM in March. The repeated targeting of Ivanti solutions highlights the need for organizations to remain vigilant and prioritize timely updates across their Ivanti infrastructure.
Impact
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-22462
CVE-2025-22457
Affected Vendors
Affected Products
- Ivanti Neurons for ITSM (on-prem only) 2024.3
- Ivanti Neurons for ITSM (on-prem only) 2024.2
- Ivanti Neurons for ITSM (on-prem only) 2023.4
Remediation
- Download and install the May 2025 security patches for affected versions (2023.4, 2024.2, and 2024.3) from the Ivanti Licensing and Downloads Portal (ILS).
- Follow Ivanti’s guidance to harden the IIS web server configuration used by Neurons for ITSM.
- Limit access to the ITSM web interface by allowing only trusted IP addresses and domain names.
- Place the ITSM instance behind a demilitarized zone (DMZ) for external user access to reduce direct exposure to the internet.
- Regularly audit access logs and monitor for unusual behavior or access attempts targeting ITSM systems.
- Follow official Ivanti advisories for any new updates, threat intelligence, or configuration recommendations.
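The access-restriction and log-audit items above can be checked together. The following is an added example, not Ivanti's tooling or guidance: it reads IIS W3C extended logs and reports clients outside an allowlist, including how many of their requests were answered successfully. The trusted ranges, URL paths and log lines are constructed placeholders.

```python
import ipaddress

# Assumption: trusted ranges allowed to reach the ITSM site (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.10/32")]

# Constructed sample in IIS W3C extended log format; not real traffic.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-05-14 08:01:12 10.20.1.5 GET /example/login - 443 - 10.20.4.17 Mozilla/5.0 200
2025-05-14 08:03:40 10.20.1.5 POST /example/api - 443 - 203.0.113.77 curl/8.0 200
2025-05-14 08:03:41 10.20.1.5 POST /example/api - 443 - 203.0.113.77 curl/8.0 401
2025-05-14 08:05:02 10.20.1.5 GET /example/home - 443 jdoe 192.0.2.10 Mozilla/5.0 200
2025-05-14 08:09:55 10.20.1.5 GET /example/login - 443 - not-an-ip Mozilla/5.0 400
"""

def is_trusted(ip_text):
    """True if ip_text parses and falls in a trusted network; unparseable -> False."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return {client_ip: {"total": n, "ok": n}} for requests from untrusted clients."""
    fields, findings = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()  # IIS writes spaces inside a field as '+'
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        client = row.get("c-ip", "")
        if is_trusted(client):
            continue
        entry = findings.setdefault(client, {"total": 0, "ok": 0})
        entry["total"] += 1
        # A 2xx/3xx answer to an untrusted client means the filter did not block it.
        if row.get("sc-status", "")[:1] in ("2", "3"):
            entry["ok"] += 1
    return findings

if __name__ == "__main__":
    for ip, stats in audit(SAMPLE_LOG).items():
        print(ip, stats)
```

A non-zero "ok" count for an address outside the allowlist indicates the IP restriction is missing or not applied to that site and is worth investigating first.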