CVE-2025-49145

High CVSS: 8.7

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature.

Vendor

Combodo

Product

Itop

CWE

CWE-863

Yayın Tarihi

2025-11-10 22:15:35

Güncelleme

2025-11-21 13:37:57

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Itop HIGH Combodo 2025

Referanslar

https://github.com/Combodo/iTop/security/advisories/GHSA-55q8-mfxr-pq4j

Benzer Kayıtlar

High

CVE-2025-64167

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-sit…

High

CVE-2025-48065

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…

Medium

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct…

High

CVE-2025-48055

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse…

High

CVE-2025-47932

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…

High

CVE-2025-47286

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by…