CVE-2025-24022 · HIGH 8.5 · EPSS p38.7%

Description

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3, and 3.2.1.

Scoring

CVSS 3.1: 8.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.7% · 2026-06-19T12:03:05Z
Published: 2025-05-14
Last modified: 2026-01-16

Underlying weaknesses · 1

CWE-78

References

  1. https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd
  2. https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e
  3. https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b
  4. https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j

Type: Weakness
Target: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-3826, CVE-2025-22467, CVE-2025-22466, CVE-2026-8111, CVE-2026-42224, CVE-2025-31644

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.