Ivanti

Ivanti has released security updates for its Neurons for ITSM IT service management solution to mitigate a critical authentication bypass vulnerability. Tracked as CVE-2025-22462, this flaw allows unauthenticated attackers to gain administrative access to unpatched systems in low-complexity attacks. Ivanti also patched a default credentials security flaw in its Cloud Services Appliance (CSA) and a critical Connect Secure zero-day exploited by the UNC5221 China-linked espionage group. Multiple other Ivanti security flaws have been exploited in zero-day attacks over the last year.

Source: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-neurons-for-itsm-auth-bypass-flaw/

TPRM report: https://scoringcyber.rankiteo.com/company/ivanti

"id": "iva554051425",
"linkid": "ivanti",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"

{'affected_entities': [{'industry': 'IT Service Management',
                        'name': 'Ivanti',
                        'type': 'Organization'}],
 'attack_vector': ['Authentication Bypass',
                   'Default Credentials',
                   'Zero-day Exploit'],
 'description': 'Ivanti has released security updates for its Neurons for ITSM '
                'IT service management solution to mitigate a critical '
                'authentication bypass vulnerability. Tracked as '
                'CVE-2025-22462, this flaw allows unauthenticated attackers to '
                'gain administrative access to unpatched systems in '
                'low-complexity attacks. Ivanti also patched a default '
                'credentials security flaw in its Cloud Services Appliance '
                '(CSA) and a critical Connect Secure zero-day exploited by the '
                'UNC5221 China-linked espionage group. Multiple other Ivanti '
                'security flaws have been exploited in zero-day attacks over '
                'the last year.',
 'impact': {'systems_affected': ['Neurons for ITSM',
                                 'Cloud Services Appliance (CSA)',
                                 'Connect Secure']},
 'motivation': 'Gain Administrative Access',
 'post_incident_analysis': {'corrective_actions': ['Apply Security Updates'],
                            'root_causes': ['Authentication Bypass '
                                            'Vulnerability',
                                            'Default Credentials',
                                            'Zero-day Exploit']},
 'recommendations': ['Apply Security Updates'],
 'response': {'remediation_measures': ['Security Updates']},
 'threat_actor': ['Unauthenticated Attackers',
                  'UNC5221 China-linked Espionage Group'],
 'title': 'Ivanti Security Updates for Neurons for ITSM and Other Products',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-22462',
                             'Default Credentials in CSA',
                             'Connect Secure zero-day']}