{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T05:56:53.231","vulnerabilities":[{"cve":{"id":"CVE-2025-24021","sourceIdentifier":"security-advisories@github.com","published":"2025-05-14T15:15:56.157","lastModified":"2025-08-22T21:15:30.793","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue."},{"lang":"es","value":"iTop es una herramienta web de gestión de servicios de TI. En versiones anteriores a las 2.7.12, 3.1.3 y 3.2.1, cualquier persona con una cuenta y acceso al portal podía asignar valores a campos de objeto cuando no debía. Las versiones 2.7.12, 3.1.3 y 3.2.1 incluyen una solución para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.12","matchCriteriaId":"FC277226-1ABB-4593-B14C-4910541DA298"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.3","matchCriteriaId":"2C365D2D-CA46-4DA0-8739-7950631132E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.1","matchCriteriaId":"6BE41CA6-35B8-41BA-B116-B63136CA48C9"}]}]}],"references":[{"url":"https://github.com/Combodo/iTop/commit/44290db312901fc5918cc537c74561487fb3713b","source":"security-advisories@github.com"},{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}