cbcvebase.
CVE-2025-24026
published 2025-05-14

CVE-2025-24026: iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some…

PriorityP427medium5.3CVSS 3.1
AVNACHPRLUINSUCNINAH
EPSS
0.27%
17.8th percentile
iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS.

Affected

1 ranges
VendorProductVersion rangeFixed in
combodoitop< 3.2.13.2.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.