CVE-2025-24021

5.0 MEDIUM

📋 TL;DR

This vulnerability in iTop allows authenticated users with portal access to modify object fields they shouldn't have permission to change. It affects all iTop installations with portal access enabled. The issue is an authorization bypass that enables unauthorized data manipulation.

💻 Affected Systems

Products:
  • iTop (IT Service Management tool)
Versions: All versions before 2.7.12, 3.1.3, and 3.2.1
Operating Systems: All platforms running iTop
Default Config Vulnerable: ⚠️ Yes
Notes: Requires portal access to be enabled and user accounts with portal permissions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could modify critical configuration data, user permissions, or service management records, potentially disrupting IT operations or escalating privileges.

🟠 Likely Case

Users could modify fields they shouldn't have access to, leading to data integrity issues, unauthorized changes to tickets or configurations, or minor privilege escalation.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to unauthorized field modifications that could be detected and rolled back.

🌐 Internet-Facing: MEDIUM - iTop portals are often internet-facing for user access, but exploitation requires authenticated portal access.
🏢 Internal Only: MEDIUM - Internal users with portal accounts could exploit this to modify data beyond their intended permissions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated portal access but appears straightforward based on the advisory description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.12, 3.1.3, or 3.2.1 depending on your version

Vendor Advisory: https://github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj

Restart Required: Yes

Instructions:

1. Identify your iTop version.
2. Back up your installation and database.
3. Download the appropriate patched version (2.7.12, 3.1.3, or 3.2.1).
4. Follow the iTop upgrade procedure for your version.
5. Restart web services.

🔧 Temporary Workarounds

Disable portal access (applies to: all)

Temporarily disable portal access to prevent exploitation while planning the upgrade.

# Modify iTop configuration to disable portal access
# Edit configuration file to restrict portal functionality

Restrict portal user permissions (applies to: all)

Review and reduce permissions for all portal users to the minimum required.

# Review user roles in iTop administration panel
# Modify portal user permissions to essential functions only

🧯 If You Can't Patch

  • Implement strict monitoring of portal user activities and field modifications
  • Apply network segmentation to isolate iTop instances and limit access to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check the iTop version in the administration panel or via the version.php file. If the version is below 2.7.12, 3.1.3, or 3.2.1, you are vulnerable.

Check Version:

Check the iTop administration panel or examine the version.php file in the iTop installation directory.

Verify Fix Applied:

After upgrade, verify version shows 2.7.12, 3.1.3, or 3.2.1. Test portal user permissions to ensure they cannot modify unauthorized fields.
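The check above is easy to get wrong by hand because the fix lands in three separate branches: a 3.0.x or 2.8.x install is "before 3.1.3" and still vulnerable even though it is newer than 2.7.12. The following script is an added example, not code from iTop or from the advisory. It encodes the branch rule (a version is fixed if it is at or above the fix for its own major.minor branch, or at or above the newest fixed release), and it reads the version out of a version.php-style file under the assumption that the file defines a PHP constant named ITOP_VERSION; adjust the regex if your installation's file looks different.

```python
"""Added example: decide whether an iTop version string is in the
vulnerable range for CVE-2025-24021 (fixed in 2.7.12, 3.1.3 and 3.2.1).
Not iTop's or the advisory's code; the ITOP_VERSION constant and the
layout of version.php are assumptions."""
import re
from typing import Optional, Tuple

# Fixed versions from the advisory, one per maintained branch.
FIXED_VERSIONS = ("2.7.12", "3.1.3", "3.2.1")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.1.2' (or '3.1.2-1', '3.2') into a comparable major.minor.patch tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version: str) -> bool:
    """Vulnerable unless the version is at or above the fix for its own
    major.minor branch, or at or above the newest fixed release overall
    (a later branch such as 3.3.x already carries the fix).
    Branches with no fixed release listed (2.8.x, 3.0.x) count as vulnerable."""
    v = parse_version(version)
    fixed = [parse_version(f) for f in FIXED_VERSIONS]
    if v >= max(fixed):
        return False
    for f in fixed:
        if v[:2] == f[:2]:        # same branch: compare the patch level
            return v < f
    return True                   # branch without a listed fix


def version_from_version_php(source: str) -> Optional[str]:
    """Extract the version from a version.php-style file.
    ASSUMPTION: the file defines a PHP constant ITOP_VERSION."""
    m = re.search(r"""define\(\s*['"]ITOP_VERSION['"]\s*,\s*['"]([^'"]+)['"]""", source)
    return m.group(1) if m else None


# Constructed sample of such a file (not copied from a real install).
SAMPLE_VERSION_PHP = "<?php\ndefine('ITOP_VERSION', '3.1.2');\n"

if __name__ == "__main__":
    found = version_from_version_php(SAMPLE_VERSION_PHP)
    print(found, "vulnerable" if is_vulnerable(found) else "fixed")
    for v in ("2.7.11", "2.7.12", "3.0.4", "3.1.3", "3.2.0", "3.2.1", "3.3.0"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
```

Run it against the string shown in the administration panel, or point `version_from_version_php` at the real file's contents; a result of "fixed" for 3.1.3 but "vulnerable" for 3.0.4 is the branch rule working as intended.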

📡 Detection & Monitoring

Log Indicators:

  • Unusual field modification events by portal users
  • Multiple failed permission checks followed by successful modifications
  • User activities outside normal permission boundaries

Network Indicators:

  • Unusual patterns of portal API calls modifying object fields
  • Increased traffic to field modification endpoints

SIEM Query:

source="iTop_logs" AND (event_type="field_modification" AND user_role="portal_user")
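The SIEM query above only selects portal-user modification events; deciding which of them are suspicious needs the two log indicators listed earlier, an allow-list of fields a portal user may legitimately change and the "denied, denied, denied, then success" pattern. The script below is an added example that turns both indicators into code. It is not iTop's own logging or the page's SIEM: the event schema, the allow-list and the sample events are all constructed, and you would map the field names onto whatever your iTop audit or reverse-proxy logs actually carry.

```python
"""Added example: two detections derived from the advisory's log
indicators, run over constructed audit events. Event schema, allow-list
and sample data are assumptions, not real iTop log formats."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# ASSUMPTION: fields a portal user is legitimately allowed to change, per class.
PORTAL_EDITABLE: Dict[str, Set[str]] = {
    "UserRequest": {"description", "public_log", "title"},
}

# Constructed sample events (not real iTop logs): alice behaves normally,
# bob hits three permission denials and then succeeds on the same field,
# carol is an admin and is out of scope for the portal rule.
EVENTS: List[dict] = [
    {"ts": "2025-01-10T09:00:00", "user": "alice", "role": "portal_user",
     "event_type": "field_modification", "class": "UserRequest", "field": "public_log", "ok": True},
    {"ts": "2025-01-10T09:01:00", "user": "bob", "role": "portal_user",
     "event_type": "permission_denied", "class": "UserRequest", "field": "priority", "ok": False},
    {"ts": "2025-01-10T09:01:20", "user": "bob", "role": "portal_user",
     "event_type": "permission_denied", "class": "UserRequest", "field": "status", "ok": False},
    {"ts": "2025-01-10T09:01:40", "user": "bob", "role": "portal_user",
     "event_type": "permission_denied", "class": "UserRequest", "field": "agent_id", "ok": False},
    {"ts": "2025-01-10T09:02:00", "user": "bob", "role": "portal_user",
     "event_type": "field_modification", "class": "UserRequest", "field": "priority", "ok": True},
    {"ts": "2025-01-10T09:05:00", "user": "carol", "role": "admin",
     "event_type": "field_modification", "class": "UserRequest", "field": "priority", "ok": True},
]


def unauthorized_portal_writes(events: List[dict]) -> List[Tuple[str, str, str]]:
    """Indicator 1: a portal user successfully changed a field outside the allow-list.
    Returns (user, class, field) triples."""
    hits = []
    for e in events:
        if e["role"] != "portal_user" or e["event_type"] != "field_modification" or not e["ok"]:
            continue
        allowed = PORTAL_EDITABLE.get(e["class"], set())
        if e["field"] not in allowed:
            hits.append((e["user"], e["class"], e["field"]))
    return hits


def denied_then_modified(events: List[dict], min_denied: int = 3,
                         window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, int, str]]:
    """Indicator 2: at least `min_denied` permission_denied events for one user
    inside `window`, followed by a successful modification by that user.
    Returns (user, number of recent denials, field modified) triples."""
    denied = defaultdict(list)
    hits = []
    for e in sorted(events, key=lambda x: x["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if e["event_type"] == "permission_denied":
            denied[e["user"]].append(t)
        elif e["event_type"] == "field_modification" and e["ok"]:
            recent = [d for d in denied[e["user"]] if t - d <= window]
            if len(recent) >= min_denied:
                hits.append((e["user"], len(recent), e["field"]))
    return hits


if __name__ == "__main__":
    print("unauthorized portal writes:", unauthorized_portal_writes(EVENTS))
    print("denied-then-modified:", denied_then_modified(EVENTS))
```

Indicator 1 is the one that matters most for this CVE, because a successful write to a field the portal role should never touch is the bypass itself; indicator 2 is a weaker signal that a user is probing for it. Both rely on iTop recording the field name and the user's role in whatever log you forward, so confirm that mapping before trusting the alert.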

🔗 References
