Credit: The original article is published here.
- Ivanti released a patch for a critical severity flaw in Neurons for ITSM
- The flaw can be abused to gain admin rights on target systems
- There is no evidence of abuse in the wild
Ivanti has patched a critical-severity vulnerability in its Neurons for ITSM IT service management solution, and is urging users to apply the fix and mitigate the risk as soon as possible.
Neurons for ITSM is an AI-powered IT Service Management platform used by IT departments in mid-to-large enterprises to automate, streamline, and manage IT support services, incidents, and assets across their organizations.
An exact number of users is unknown, but Ivanti claims to be servicing tens of thousands of organizations with its portfolio, so it’s safe to assume the attack surface is relatively large.
TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!
New users can take advantage of RoboForm’s exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.
Preferred partner (What does this mean?)View Deal
Low complexity attacks
The vulnerability in question is tracked as CVE-2025-22462. NVD describes it as an authentication bypass in Neurons for ITSM in versions before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch. It affects on-prem instances only, and allows a remote unauthenticated threat actor to gain admin rights on the target system.
The company says that depending on the system configuration, the vulnerability can be exploited in low-complexity attacks. That, however, doesn’t seem to have happened yet, since Ivanti claims there is no evidence of abuse in the wild so far.
Ivanti also suggested that organizations should follow its guidance, since then they will be less exposed to potential attacks.
“Customers who have followed Ivanti’s guidance on securing the IIS website and restricted access to a limited number of IP addresses and domain names have a reduced risk to their environment,” the company said in an advisory. “Customers who have users log into the solution from outside their company network also have a reduced risk to their environment if they ensure that the solution is configured with a DMZ.”
This is the second major vulnerability Ivanti patched this week, after addressing a critical-severity bug in its Endpoint Manager Mobile (EPMM) software.
Via BleepingComputer
You might also like
- Ivanti patches two zero-days that could lead to RCE in Endpoint Manager Mobile
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
