Vulnerability CVE-2025-24026: Information

Description

iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to a regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 no longer uses the affected variable in the regular expression. As a workaround, if the iTop app_root_url setting is defined in the configuration file, there is no possible way to exploit this ReDoS.

Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Published: May 14, 2025
Modified: Aug. 1, 2025
Error type identifier: CWE-1333

Fixed packages

Package name  Branch               Fixed in version  Version from repository  Errata ID             Task #   State
itop          sisyphus             3.2.1.1-alt1      3.2.2-alt2               ALT-PU-2025-8678-2    388451   Fixed
itop          sisyphus_riscv64     3.2.1.1-alt1      3.2.2-alt2               ALT-PU-2025-8686-1    -        Fixed
itop          sisyphus_loongarch64 3.2.1.1-alt1      3.2.2-alt2               ALT-PU-2025-8695-1    -        Fixed
itop          c10f2                3.2.1.1-alt1      3.2.2-alt1               ALT-PU-2025-10037-3   391669   Fixed

References to Advisories, Solutions, and Tools

    1. cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* (affected versions: up to, but excluding, 3.2.1)