CVE-2025-24022

Summary

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

Affected Software

VendorProductVersion RangeStatus
CombodoiTop< 2.7.12affected
CombodoiTop>= 3.0.0, < 3.1.3affected
CombodoiTop>= 3.2.0, < 3.2.1affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References