PT-2025-21172 · Itop · Itop
Bengrenoble · Published 2025-05-14 · Updated 2025-05-14
CVE-2025-24026
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
iTop versions prior to 3.2.1
Description:
The issue is related to a regular expression denial of service (ReDoS) that may affect the iTop server under certain circumstances. The problem arises from the use of an affected variable in a regular expression. However, if app_root_url is defined in the configuration file, exploitation of this issue is not possible.
Recommendations:
For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.
As a temporary workaround, ensure that app_root_url is defined in the configuration file to prevent exploitation.
Affected Products
Itop