CVE-2025-24969

iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc

Configurations

No configuration.

History

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) iTop es una herramienta web de gestión de servicios de TI. Antes de la versión 3.2.1, un usuario del portal podía ver la foto de cualquier otro contacto modificando el ID de la foto en la URL. La versión 3.2.1 incluye una corrección para este problema.

14 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 16:15

Updated : 2025-05-16 14:43

NVD link : CVE-2025-24969

Mitre link : CVE-2025-24969

CVE.ORG link : CVE-2025-24969

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

5.0 /10