CVE-2025-49145
Combodo iTop is a web-based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user who has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...
CVE-2025-24969
iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...
CVE-2025-24785
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...
The vulnerability in the iTop web tool for managing IT services arises from improper limitation of a pathname to a restricted directory, allowing an attacker to disclose protected information.
The vulnerability in the iTop IT service management web tool is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
The vulnerability in the iTop web tool for managing IT services, related to the reuse of CSRF tokens, allows an attacker to execute a CSRF attack.
The vulnerability in the iTop IT service management web tool is related to the repeated use of CSRF tokens. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack remotely...