VYPR
Unrated severityNVD Advisory· Published May 14, 2025· Updated Aug 26, 2025

iTop doesn't have mass assignment of fields in the portal form

CVE-2025-24021

Description

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Combodo/Itopllm-fuzzy2 versions
    <2.7.12 || <3.1.3 || <3.2.1+ 1 more
    • (no CPE)range: <2.7.12 || <3.1.3 || <3.2.1
    • (no CPE)range: < 2.7.12

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.