
=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN315

_____________________________________________________________________

DATE                : 15/05/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ivanti Neurons for ITSM (on-prem
                     only) versions prior to 2023.4 May 2025 Security
                     Patch, 2024.2 May 2025 Security Patch and 2024.3
                     May 2025 Security Patch.

=====================================================================
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462?language=en_US
_____________________________________________________________________

Security Advisory Ivanti Neurons for ITSM (On-Premises Only)
(CVE-2025-22462)
Primary Product
Ivanti Neurons for ITSM (Premise)
Created Date
13 May 2025 14:04:34
Last Modified Date
13 May 2025 14:42:36


Summary

Ivanti has released updates for Ivanti Neurons for ITSM (on-prem only)
which address one critical severity vulnerability. Depending on
system configuration, successful exploitation could allow an
unauthenticated remote attacker to gain administrative access to the
system.

We are not aware of any customers being exploited by these
vulnerabilities at the time of disclosure.

We have included an environmental score to provide customers with
additional context on the adjusted risk of this vulnerability with
typical use cases. Customers who have followed Ivanti’s guidance on
securing the IIS website and restricted access to a limited number
of IP addresses and domain names have a reduced risk to their
environment. Customers who have users log into the solution from
outside their company network also have a reduced risk to their
environment if they ensure that the solution is configured with a DMZ.


Vulnerability Details:

CVE Number     : CVE-2025-22462
Description    : An authentication bypass in Ivanti Neurons for ITSM
                 (on-prem only) before 2023.4, 2024.2 and 2024.3 with
                 the May 2025 Security Patch allows a remote
                 unauthenticated attacker to gain administrative access
                 to the system.
CVSS Score     : Base Score: 9.8 (Critical)
                 Environmental Score*: 6.9 (Medium)
CVSS Vector    : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/MPR:H
CWE            : CWE-288

*Environmental Score: This scoring results from an extended CVSS scoring
vector including Environmental metrics. Specifically, the Modified
Privileges Required (MPR) metric reflects a customer environment where
the ITSM instance is only available to high-privileged users, either by
networking restrictions or otherwise. We’re including this information
to convey the reduction in risk when ITSM is installed as recommended.
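As an added illustration (not part of the Ivanti advisory or of CERT-Renater's note), the Python below reproduces both scores from the published vector by implementing the CVSS v3.0 equations: the base pass uses the base metrics only, and the environmental pass applies the MPR:H override and the RL:O temporal factor. The ADVISORY_VECTOR constant is the vector quoted in the table; every other name is mine, and the weights are those of the FIRST CVSS v3.0 specification.

```python
# CVSS v3.0 metric weights from the FIRST specification; "X" (not defined) weighs 1.0.
W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "E": {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91},
    "RL": {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95},
    "RC": {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92},
    "CR": {"X": 1.0, "H": 1.5, "M": 1.0, "L": 0.5},
}
W["I"] = W["A"] = W["C"]      # integrity and availability share the confidentiality weights
W["IR"] = W["AR"] = W["CR"]   # the three security-requirement metrics share weights
# Privileges Required depends on Scope: "U" (unchanged) or "C" (changed).
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27}, "C": {"N": 0.85, "L": 0.68, "H": 0.5}}

def roundup(x):
    """CVSS round-up to one decimal, in integer arithmetic to avoid float artefacts."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (i // 10000 + 1) / 10.0

def subscore(av, ac, pr, ui, c, i, a, scope, reqs=(1.0, 1.0, 1.0)):
    """Base subscore (reqs all 1.0) or Modified subscore (reqs = CR/IR/AR weights)."""
    iss = min(1 - (1 - reqs[0] * c) * (1 - reqs[1] * i) * (1 - reqs[2] * a), 0.915)
    impact = 6.42 * iss if scope == "U" else 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * av * ac * PR[scope][pr] * ui
    if impact <= 0:
        return 0.0
    return roundup(min(impact + expl if scope == "U" else 1.08 * (impact + expl), 10))

def score(vector):
    """Return (base, environmental) scores for a CVSS:3.x vector string."""
    m = dict(p.split(":") for p in vector.split("/")[1:])

    def mod(k):  # a Modified metric (MAV, MPR, ...) overrides its base metric unless "X"
        return m[k] if m.get("M" + k, "X") == "X" else m["M" + k]

    base = subscore(W["AV"][m["AV"]], W["AC"][m["AC"]], m["PR"], W["UI"][m["UI"]],
                    W["C"][m["C"]], W["I"][m["I"]], W["A"][m["A"]], m["S"])
    modified = subscore(W["AV"][mod("AV")], W["AC"][mod("AC")], mod("PR"), W["UI"][mod("UI")],
                        W["C"][mod("C")], W["I"][mod("I")], W["A"][mod("A")], mod("S"),
                        tuple(W[r][m.get(r, "X")] for r in ("CR", "IR", "AR")))
    temporal = W["E"][m.get("E", "X")] * W["RL"][m.get("RL", "X")] * W["RC"][m.get("RC", "X")]
    return base, roundup(modified * temporal)

# Vector quoted in the advisory: base metrics plus RL:O (official fix) and MPR:H.
ADVISORY_VECTOR = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/MPR:H"
print(score(ADVISORY_VECTOR))  # (9.8, 6.9)
```

Dropping RL:O and MPR:H from the vector gives (9.8, 9.8), which shows that the whole 9.8 to 6.9 reduction comes from the assumed access restriction and the available fix, not from any change to the flaw itself.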


Affected Versions

Product Name         : Ivanti Neurons for ITSM (on-prem only)
Affected Version(s)  : 2023.4, 2024.2 and 2024.3
Resolved Version(s)  : 2023.4 May 2025 Security Patch
                       2024.2 May 2025 Security Patch
                       2024.3 May 2025 Security Patch
Patch Availability   : Download Available in ILS

Solution

Follow the instruction documents provided with the download files to
apply the patch.


Mitigation or Workaround

Customers who have followed Ivanti’s guidance on securing the IIS
website and restricted access to a limited number of IP addresses
and domain names have a reduced risk to their environment. Customers
who have users that log into the solution from outside their
company network also have a reduced risk to their environment if
they ensure that the solution is configured with a DMZ.


FAQ

    Are you aware of any active exploitation of these vulnerabilities?

We are not aware of any customers being exploited by these
vulnerabilities prior to public disclosure. These vulnerabilities
were disclosed through our responsible disclosure program.

    How can I tell if I have been compromised?

Currently, there is no known public exploitation of this
vulnerability that could be used to provide a list of indicators
of compromise.

    What should I do if I need help?

If you have questions after reviewing this information, you can
log a case and/or request a call via the Success Portal.

Article Number : 000099519


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
