CVE-2025-24021 – iTop Unauthenticated Object Field Modification Vulnerability

CVE ID : CVE-2025-24021

Published : May 14, 2025, 3:15 p.m. | 1 hour, 38 minutes ago

Description : iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they’re not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…