CVE-2025-24022
- Source
- https://cve.org/CVERecord?id=CVE-2025-24022
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24022.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-24022
- Aliases
-
- GHSA-rhv2-wfrr-4j2j
- Published
- 2025-05-14T14:57:37.960Z
- Modified
- 2026-04-10T05:22:55.658939Z
- Severity
-
- 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- iTop server vulnerable to portal code injection
- Details
-
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24022.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24022.json
- https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j
- https://nvd.nist.gov/vuln/detail/CVE-2025-24022
- https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd
- https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e
- https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b
Affected packages
Git / github.com/combodo/itop
Affected ranges
- Type
- GIT
- Repo
- https://github.com/combodo/itop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.7.12" } ] }