Unrated severity · NVD Advisory · Published May 14, 2025 · Updated Aug 26, 2025
iTop doesn't have mass assignment of fields in the portal form
CVE-2025-24021
Description
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can set values on object fields when they are not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
- github.com/Combodo/iTop/commit/44290db312901fc5918cc537c74561487fb3713b (mitre, x_refsource_MISC)
- github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj (mitre, x_refsource_CONFIRM)