Unrated severityNVD Advisory· Published May 14, 2025· Updated Jan 20, 2026

iTop server vulnerable to portal code injection

CVE-2025-24022

Description

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

Affected products

Combodo/Itopv5
Range: < 2.7.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bdmitrex_refsource_MISC
github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54emitrex_refsource_MISC
github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0bmitrex_refsource_MISC
github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2jmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000