CVE-2025-24785

Published May 14, 2025

Last updated 2 months ago

CVSS medium 4.3

Overview

Description
iTop is an web based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the dashboard.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.