CVE-2025-24021
- Source
- https://cve.org/CVERecord?id=CVE-2025-24021
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24021.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-24021
- Aliases
-
- GHSA-c8hm-h9gv-8jpj
- Published
- 2025-05-14T14:48:42.694Z
- Modified
- 2026-04-10T05:22:55.900549Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- iTop doesn't have mass assignment of fields in the portal form
- Details
-
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24021.json", "cwe_ids": [ "CWE-862" ], "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/combodo/itop
Affected ranges
- Type
- GIT
- Repo
- https://github.com/combodo/itop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.7.12" } ] }