CVE-2025-24026 — MEDIUM (5.3)

Q: How severe is CVE-2025-24026?

CVE-2025-24026 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-24026?

Check the references section above for vendor advisories and patch information. Affected products include: Combodo Itop.

Vulnerability Description

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Combodo	Itop	< 3.2.1

Related Weaknesses (CWE)

CWE-1333

References

https://github.com/Combodo/iTop/security/advisories/GHSA-9g7f-jmc3-rrmfVendor Advisory

FAQ

What is CVE-2025-24026?

CVE-2025-24026 is a vulnerability with a CVSS score of 5.3 (MEDIUM). iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version ...

How severe is CVE-2025-24026?

CVE-2025-24026 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-24026?

Check the references section above for vendor advisories and patch information. Affected products include: Combodo Itop.