PHP Error Trigger in iTop IT Service Management Tool by Combodo
CVE-2025-24785

4.3MEDIUM

Key Information:

Vendor: Combodo
Status: Itop
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-24785?

A vulnerability exists in the iTop IT Service Management tool, version 3.2.0, allowing an attacker to send a crafted URL to the server that triggers a PHP error. This error results in a crashed start page upon the next user loading the dashboard. The issue is resolved in version 3.2.1, which implements necessary checks on the provided layout_class before saving the dashboard, thus enhancing its stability and security. To safeguard your IT environment, it is essential to upgrade to the latest version.

Affected Version(s)

iTop = 3.2.0

References

https://github.com/Combodo/iTop/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
Jan 23, 2025