PT-2025-46182 · Comodo+1 · Itop+1

Publicado

2025-04-23

Atualizado

2026-02-24

CVE-2025-47286

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.13 Combodo iTop versions prior to 3.2.2

Description Combodo iTop is a web-based IT service management tool. An administrator can execute code on the server by editing the configuration of the iTop instance in affected versions. Versions 2.7.13 and 3.2.2 include measures to escape and check the configuration parameter before executing a command based on it.

Recommendations Update to version 2.7.13 or later. Update to version 3.2.2 or later.

Exploit

Correção

Special Elements Injection

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-78

Identificadores relacionados

BDU:2025-06926

CVE-2025-47286

GHSA-4W93-RW6G-5M9C

Produtos afetados

Red Os

Itop

PT-2025-46182 · Comodo+1 · Itop+1

CVE-2025-47286

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9