CVE-2025-27139

Summary

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.

Affected Software

VendorProductVersion RangeStatus
CombodoiTop< 2.7.12affected
CombodoiTop>= 3.0.0-alpha, < 3.1.2affected
CombodoiTop>= 3.2.0-alpha1, < 3.2.0affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References