CVE-2025-24026

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24026

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24026.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24026

Aliases

GHSA-9g7f-jmc3-rrmf

Published

2025-05-14T14:59:47.581Z

Modified

2026-04-10T05:22:55.925206Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

iTop Inefficient Regular Expression Complexity vulnerability

Details

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop approoturl is defined in the configuration file, then there is no possible way to exploit this ReDoS.

Database specific

{
    "cwe_ids": [
        "CWE-1333"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24026.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type: GIT
Repo: https://github.com/combodo/itop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a9bc4973b40a4834228fefec69646a8738d3f82e

Affected versions

2.*

2.7.0-alpha1

2.7.0-beta

2.7.0-beta2

3.*

3.1.0-alpha1

3.2.0-alpha1

3.2.0-rc1

3.2.0-rc2

3.2.0-rc3

ITSM_Designer_3.*

ITSM_Designer_3.1-compatibility

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24026.json"