CVE-2025-24021 | THREATINT

Description

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

PUBLISHED Reserved 2025-01-16 | Published 2025-05-14 | Updated 2025-08-26 | Assigner GitHub_M

MEDIUM: 5.0CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

< 2.7.12

affected

>= 3.0.0, < 3.1.3

affected

>= 3.2.0, < 3.2.1

affected

References

github.com/...o/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj

github.com/...ommit/44290db312901fc5918cc537c74561487fb3713b

cve.org (CVE-2025-24021)

nvd.nist.gov (CVE-2025-24021)

Download JSON