Unrated severity · NVD Advisory · Published May 14, 2025 · Updated Aug 26, 2025
iTop doesn't have mass assignment of fields in the portal form
CVE-2025-24021
Description
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can set values on object fields that they are not supposed to be able to set. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
References
- github.com/Combodo/iTop/commit/44290db312901fc5918cc537c74561487fb3713b (mitre, x_refsource_MISC)
- github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj (mitre, x_refsource_CONFIRM)