CVE-2025-24026

{"id": "CVE-2025-24026", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2025-05-14T15:15:56.440", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-9g7f-jmc3-rrmf", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS."}, {"lang": "es", "value": "iTop es una herramienta web de gesti\u00f3n de servicios de TI. Las versiones anteriores a la 3.2.1 son vulnerables a la denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS), que, en determinadas circunstancias, puede afectar al servidor iTop. La versi\u00f3n 3.2.1 no utiliza la variable afectada en la expresi\u00f3n regular. Como workaround, si iTop app_root_url est\u00e1 definido en el archivo de configuraci\u00f3n, no es posible explotar este ReDoS."}], "lastModified": "2025-05-16T14:43:56.797", "sourceIdentifier": "security-advisories@github.com"}