CVE-2025-24022

{"id": "CVE-2025-24022", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2025-05-14T15:15:56.293", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1."}, {"lang": "es", "value": "iTop es una herramienta web de gesti\u00f3n de servicios de TI. En versiones anteriores a la 2.7.12, 3.1.3 y 3.2.1, la ejecuci\u00f3n de c\u00f3digo del servidor era posible a trav\u00e9s del frontend del portal de iTop. Este problema se solucion\u00f3 en las versiones 2.7.12, 3.1.3 y 3.2.1."}], "lastModified": "2025-05-16T14:43:56.797", "sourceIdentifier": "security-advisories@github.com"}