CVE-2025-24026

Medium CVSS: 5.3

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS.

Vendor

Combodo

Product

Itop

CWE

CWE-1333

Yayın Tarihi

2025-05-14 15:15:56

Güncelleme

2025-08-01 18:39:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-1333 Itop MEDIUM Combodo 2025

Referanslar

https://github.com/Combodo/iTop/security/advisories/GHSA-9g7f-jmc3-rrmf

Benzer Kayıtlar

High

CVE-2025-64167

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-sit…

High

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough ri…

High

CVE-2025-48065

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…

Medium

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct…

High

CVE-2025-48055

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse…

High

CVE-2025-47932

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…