Security Advisory

CVE-2025-48878

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-10 20:43:04

Last updated 2025-11-10 20:58:47

Assigner GitHub_M

State PUBLISHED

Description

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user (e.g. with Service desk agent profile) to create a ModuleInstallation object when they shouldnt be able to do so. Version 3.2.2 fixes the issue.

← Browse all CVEs View on cve.org ↗