Combodo iTop vulnerable to Remote Code Execution in the backup...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.

AI Analysis

Remote Code Execution vulnerability in Combodo iTop's backup creation functionality

Basic Information

ID CVE-2025-47286

Source GitHub_M

Published Nov 10, 2025 at 18:38

Modified Nov 10, 2025 at 19:47

Affected Product

Vendor Combodo

Product iTop

Version < 2.7.13

Affected Versions Combodo iTop < 2.7.13
Combodo iTop >= 3.0.0-alpha, < 3.2.2

CWE Classification

CWE-74

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Combodo

Product iTop

Version < 2.7.13, >= 3.0.0-alpha, < 3.2.2

References

github.com /Combodo/iTop/security/advisories/GHSA-4w93-rw6g-5m9c

{
    "lastseen": "",
    "description": "Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.",
    "published": "2025-11-10T18:38:40.283Z",
    "modified": "2025-11-10T19:47:01.682Z",
    "type": "cve",
    "title": "Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality",
    "source": "GitHub_M",
    "references": "https://github.com/Combodo/iTop/security/advisories/GHSA-4w93-rw6g-5m9c",
    "id": "CVE-2025-47286",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Combodo iTop < 2.7.13\nCombodo iTop >= 3.0.0-alpha, < 3.2.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iTop",
    "version": "< 2.7.13",
    "vendor": "Combodo",
    "ai_description": "Remote Code Execution vulnerability in Combodo iTop's backup creation functionality",
    "ai_severity": "High",
    "ai_vendor": "Combodo",
    "ai_product": "iTop",
    "ai_version": "< 2.7.13, >= 3.0.0-alpha, < 3.2.2",
    "ai_score": 8.6
}

Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality_CVE-2025-47286