CVE-2025-47286
Published: Nov 10, 2025
Modified: Nov 10, 2025
PUBLISHED
Description
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.
| Vendor | Product | Versions |
|---|---|---|
| Combodo | iTop | affected < 2.7.13; affected >= 3.0.0-alpha, < 3.2.2 |
Weaknesses (CWE)
References
https://github.com/Combodo/iTop/security/advisories/GHSA-4w93-rw6g-5m9c
x_refsource_CONFIRM