{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24969", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-01-29T15:18:03.209Z", "datePublished": "2025-05-14T15:11:45.247Z", "dateUpdated": "2025-05-14T15:45:51.476Z"}, "containers": {"cna": {"title": "iTop portal user can see any other contact's picture", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc"}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"version": "< 3.2.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-14T15:11:59.541Z"}, "descriptions": [{"lang": "en", "value": "iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue."}], "source": {"advisory": "GHSA-52p7-7f8f-j7pc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T15:45:46.450095Z", "id": "CVE-2025-24969", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T15:45:51.476Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24969", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T15:45:46.450095Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T15:45:48.794Z"}}], "cna": {"title": "iTop portal user can see any other contact's picture", "source": {"advisory": "GHSA-52p7-7f8f-j7pc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"status": "affected", "version": "< 3.2.1"}]}], "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc", "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-14T15:11:59.541Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24969", "state": "PUBLISHED", "dateUpdated": "2025-05-14T15:45:51.476Z", "dateReserved": "2025-01-29T15:18:03.209Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-14T15:11:45.247Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF8B6F29-FD69-4F2C-8A50-7A32FC0FDCE0", "versionEndExcluding": "3.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue."}, {"lang": "es", "value": "iTop es una herramienta web de gesti\u00f3n de servicios de TI. Antes de la versi\u00f3n 3.2.1, un usuario del portal pod\u00eda ver la foto de cualquier otro contacto modificando el ID de la foto en la URL. La versi\u00f3n 3.2.1 incluye una correcci\u00f3n para este problema."}], "id": "CVE-2025-24969", "lastModified": "2025-08-05T20:49:48.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-14T16:15:27.300", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"created": "2025-07-12T15:26:13.824009+00:00", "updated": "2025-07-12T15:26:13.824072+00:00", "vendors": ["combodo", "combodo$PRODUCT$itop"]}