CVE-2025-24022
iTop server vulnerable to portal code injection
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Combodo · iTopQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bdhttps://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54ehttps://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0bhttps://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j