Cross-Site Scripting Vulnerability in Combodo iTop IT Service Management Tool
CVE-2025-47932

8.8HIGH

Key Information:

Vendor: Combodo
Status: Itop
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-47932?

The Combodo iTop IT service management tool is susceptible to cross-site scripting (XSS) attacks when dashboards are rendered via AJAX calls in versions prior to 2.7.13 and 3.2.2. Attackers can exploit this vulnerability to inject malicious scripts, potentially compromising user data and system integrity. The issue is resolved in version 2.7.13 and 3.2.2, where proper sanitization mechanisms have been implemented to mitigate XSS risks.

Affected Version(s)

iTop < 2.7.13 < 2.7.13

iTop >= 3.0.0-alpha, < 3.2.2 < 3.0.0-alpha, 3.2.2

References

https://github.com/Combodo/iTop/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
May 14, 2025

JSON