[Vulnerability Alert] Critical Security Vulnerability Found in Ivanti ITSM (CVE-2025-22462)

publish date : 2025-05-20 update date : 2025-05-20

Source: Ministry of education information & communication security contingency platform

Publication Number TACERT-ANA-2025051508055959 Publication Time 2025/05/15 09:00
Incident Type ANA-Vulnerability Alert Discovery Time 2025/05/15 09:00
Impact Level Low  
[Subject]
[Vulnerability Alert] Critical Security Vulnerability Found in Ivanti ITSM (CVE-2025-22462)
[Content]
Forwarded from TWCERTCC-200-202505-00000014

Ivanti ITSM, part of the Ivanti Neurons suite, is a reliable and robust IT service management solution designed to improve service efficiency and ensure compliance and security in IT operations. Recently, a critical vulnerability was disclosed affecting Ivanti Neurons for ITSM (on-premises only).
[CVE-2025-22462, CVSS: 9.8] This vulnerability allows unauthenticated remote attackers to gain administrative access to the system.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Ivanti Neurons for ITSM versions: 2023.4, 2024.2, 2024.3
[Recommended Actions]
Please refer to Ivanti's official website for remediation instructions and apply the necessary patches.
[Reference]
https://www.twcert.org.tw/tw/cp-169-10125-44994-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center