Primary

Context

Ivanti Neurons for ITSM Authentication Bypass Vulnerability Allowing Administrative Access

Vulnerability

Patched

A vulnerability allowing authentication bypass has been identified in Ivanti Neurons for ITSM (on-premises only) versions 2023.4, 2024.2, and 2024.3 prior to the May 2025 Security Patch. This vulnerability allows remote, unauthenticated attackers to gain administrative access to the system.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access on the affected system.

Remediation

Users can upgrade to Ivanti Neurons for ITSM versions 2023.4, 2024.2, or 2024.3, all of which include the May 2025 Security Patch. The patch is available for download through the Ivanti License System (ILS).

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

7.4

remediation

7.9

relevance

0.0

threat

0.1

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

7.4

remediation

7.9

relevance

0.0

threat

0.1

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Neurons for ITSM Authentication Bypass Vulnerability Allowing Administrative Access

Vulnerability

Impact

Remediation

Affected Products

Ivanti Neurons for ITSM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating