CVE-2025-24022

Published: May 14, 2025

Modified: Jan 20, 2026

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

Vendor	Product	Versions
Combodo	iTop	affected `< 2.7.12` affected `>= 3.0.0, < 3.1.3` affected `>= 3.2.0, < 3.2.1`

Weaknesses (CWE)

CWE-78

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j

x_refsource_CONFIRM

https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd

x_refsource_MISC

https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e

x_refsource_MISC

https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-24022

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References