CVE-2025-24021

medium

Description

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can set values on object fields when they are not supposed to be able to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

References

https://github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj

https://github.com/Combodo/iTop/commit/44290db312901fc5918cc537c74561487fb3713b

Details

Source: Mitre, NVD

Published: 2025-05-14

Updated: 2025-08-22

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00026