Code Execution Vulnerability in Combodo iTop IT Service Management Tool
CVE-2025-47286

8.6HIGH

Key Information:

Vendor: Combodo
Status: Itop
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-47286?

In specific versions of Combodo iTop, an improper handling of configuration parameters allows an administrator to execute arbitrary server-side code. This vulnerability is present in versions prior to 2.7.13 and 3.2.2. Those later versions implement necessary validations and restrictions to mitigate such risks, ensuring that configurations cannot lead to unauthorized command execution.

Affected Version(s)

iTop < 2.7.13 < 2.7.13

iTop >= 3.0.0-alpha, < 3.2.2 < 3.0.0-alpha, 3.2.2

References

https://github.com/Combodo/iTop/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
May 5, 2025

JSON