What is the CVSS score of CVE-2025-22462?

CVE-2025-22462 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 6.6%.

Which versions of Neurons For Itsm are affected by CVE-2025-22462?

CVE-2025-22462 presents critical security risk rated CVSS 9.8. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

How to fix or mitigate CVE-2025-22462?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Neurons For Itsm CVE-2025-22462

CRITICAL

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2025-05-13 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Authentication Bypass Ivanti Neurons For Itsm

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:41 vuln.today

CVE Published

May 13, 2025 - 16:15 nvd

CRITICAL 9.8

DescriptionNVD

AnalysisAI

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-288. An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. Affected products include: Ivanti Neurons For Itsm. Version information: before 2023.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.