CVE-2025-24026

Published May 14, 2025

Last updated a year ago

CVSS medium 5.3

Overview

Description: iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS.
Source: security-advisories@github.com
NVD status: Analyzed
Products: itop

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 3.6
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-1333

Hype score: Not currently trending

CVE-2025-24026 iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumsta… https://t.co/9aNPVi7Bxm
@CVEnew
14 May 2025
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BF8B6F29-FD69-4F2C-8A50-7A32FC0FDCE0",
            "versionEndExcluding": "3.2.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References