CVE-2025-24021

Published: May 14, 2025Modified: Aug 22, 2025

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Exploitability: 3.1 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Affected (3)

Products: Combodo: Itop

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Combodo Itop	Before 2.7.12
Combodo Itop	From 3.0.0 to 3.1.3
Combodo Itop	From 3.2.0 to 3.2.1

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://github.com/Combodo/iTop/commit/44290db312901fc5918cc537c74561487fb3713b

Source: security-advisories@github.com

https://github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.