← back
CVE-2025-24022

iTop server vulnerable to portal code injection

CVSS 8.6 HIGHEPSS 0.5%CWE-78
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Combodo · iTop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bdhttps://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54ehttps://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0bhttps://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j