【Vulnerability Alert】 Ivanti ITSM has a critical security vulnerability (CVE-2025-22462)

Date：2025/05/21

Subject: 【Vulnerability Alert】 Ivanti ITSM has a critical security vulnerability (CVE-2025-22462)
Description:
- Forwarded by Taiwan Computer Network Crisis Handling and Coordination Center TWCERTCC-200-202505-00000014
- ITSM is a reliable and powerful IT service management solution under Ivanti, which helps organizations improve service efficiency, ensure IT operations compliance and security. Recently, a critical security announcement was issued for Ivanti Neurons for ITSM (on-premises only). This vulnerability (CVE-2025-22462, CVSS: 9.8) allows unauthenticated remote attackers to gain system administrative access.
Affected Platforms:
- Versions 2023.4, 2024.2, 2024.3
Recommended Actions:
- Follow the solutions released on the official website to patch the vulnerability
Reference:
- https://www.twcert.org.tw/tw/cp-169-10125-44994-1.html

Network System Division
Computer and Communication Center9