VYPR
Unrated severity · NVD Advisory · Published Nov 10, 2025 · Updated Nov 10, 2025

Combodo iTop vulnerable to IDOR with ModuleInstallation object

CVE-2025-48878

Description

Combodo iTop is a web-based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user (e.g. with the Service desk agent profile) to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue.

Affected products

  • Combodo/Itop (2 version ranges)
    • (no CPE) range: >=3.0.0, <3.2.2
    • (no CPE) range: >= 3.0.0-alpha, < 3.2.2
