{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-24022","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-01-16T17:31:06.459Z","datePublished":"2025-05-14T14:57:37.960Z","dateUpdated":"2026-01-20T15:37:55.868Z"},"containers":{"cna":{"title":"iTop server vulnerable to portal code injection","problemTypes":[{"descriptions":[{"cweId":"CWE-78","lang":"en","description":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j","tags":["x_refsource_CONFIRM"],"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j"},{"name":"https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd","tags":["x_refsource_MISC"],"url":"https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd"},{"name":"https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e","tags":["x_refsource_MISC"],"url":"https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e"},{"name":"https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b","tags":["x_refsource_MISC"],"url":"https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b"}],"affected":[{"vendor":"Combodo","product":"iTop","versions":[{"version":"< 2.7.12","status":"affected"},{"version":">= 3.0.0, < 3.1.3","status":"affected"},{"version":">= 3.2.0, < 3.2.1","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-01-16T17:15:42.151Z"},"descriptions":[{"lang":"en","value":"iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1."}],"source":{"advisory":"GHSA-rhv2-wfrr-4j2j","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-14T15:11:31.622151Z","id":"CVE-2025-24022","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-20T15:37:55.868Z"}}]}}