CVE-2025-24785 MEDIUM

CVE-2025-24785: iTop dashboard vulnerable to denial of service

Vendor Combodo
Product iTop
Weakness CWE-20 · Input validation
Published May 14, 2025
Last update May 14, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the dashboard.

Key dates

02 Disclosure timeline

May 14, 2025 CVE published
May 14, 2025 Record updated