CVE-2025-24021
iTop doesn't have mass assignment of fields in the portal formiTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
We have discovered 22 live websites that are affected by CVE-2025-24021.
Affected Software
| Product | |
| Category | Issue Trackers |
| Vulnerable Domains | 22 live websites (129.41% of Combodo iTop install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 80.00% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - May 14, 2025
- Updated - May 14, 2025
CWE
CVE References
CWE References
CVE-2025-24021 usage by Country
 United States | 4 websites |
 France | 6 websites |
 Switzerland | 2 websites |
 Germany | 2 websites |
 Czech Republic | 1 websites |
 Denmark | 1 websites |
 GB | 1 websites |
 Israel | 1 websites |
 Romania | 1 websites |
CVE-2025-24021 usage by TLD
| .com | 7 websites |
| .fr | 3 websites |
| .ch | 2 websites |
| .com.cn | 1 websites |
| .cz | 1 websites |
| .de | 1 websites |
| .dk | 1 websites |
| .net | 1 websites |
| .org | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-24021
Top websites that are affected by CVE-2025-24021. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | **,***,*** | |
| *********.com | Germany | **,***,*** | |
| *******.*****.fr | France | **,***,*** | |
| *******.**********.com |  Singapore | **,***,*** | |
| ***.de | Germany | **,***,*** | |
| ****.******.ch | Switzerland | **,***,*** | |
| *******.********.fr | France | **,***,*** | |
| ****.*******.ro | Romania | **,***,*** | |
| *****.*********.cz | Czech Republic | **,***,*** | |
| ****.***.ch | France | **,***,*** |
FAQ
CVE-2025-24021 is Missing Authorization in Combodo iTop
A total of 22 websites have been identified as vulnerable to CVE-2025-24021, based on global website indexing conducted by WebTechSurvey.
The Combodo iTop is affected by the CVE-2025-24021 vulnerability.
Combodo iTop versions up to 3.2.1 are vulnerable to CVE-2025-24021.
CVE-2025-24021 is resolved in version 3.2.1 of Combodo iTop.