CVE-2025-24022: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Combodo iTop
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.
AI Analysis
Technical Summary
CVE-2025-24022 is an OS command injection vulnerability classified under CWE-78 found in Combodo iTop, a widely used web-based IT Service Management (ITSM) platform. The vulnerability exists in the server-side code that processes input from the frontend portal, where insufficient neutralization of special characters allows malicious input to be interpreted as OS commands. This flaw enables an attacker with low privileges to execute arbitrary commands on the underlying server, potentially leading to full system compromise including data theft, service disruption, or lateral movement within the network. The vulnerability affects multiple version ranges: all versions prior to 2.7.12, versions from 3.0.0 up to but not including 3.1.3, and versions from 3.2.0 up to but not including 3.2.1. The issue was publicly disclosed on May 14, 2025, and fixed in versions 2.7.12, 3.1.3, and 3.2.1. The CVSS v3.1 base score is 8.6, reflecting network attack vector, high impact on confidentiality, integrity, and availability, low privileges required, no user interaction needed, and scope change. No known exploits have been reported in the wild yet, but the vulnerability's characteristics make it a significant risk for organizations using affected versions of iTop. The vulnerability is particularly dangerous because it can be triggered remotely via the web portal by any low-privileged portal user, with no user interaction required. This increases the likelihood of exploitation in the wild once exploit code becomes available.
Potential Impact
For European organizations, the impact of CVE-2025-24022 can be severe. iTop is often used in IT service management environments, including critical infrastructure, government agencies, and large enterprises. Successful exploitation could lead to unauthorized access to sensitive ITSM data, disruption of IT service operations, and compromise of the underlying server environment. This could cascade into broader network compromise, data breaches, and operational downtime. Given the high confidentiality, integrity, and availability impacts, organizations could face regulatory penalties under GDPR if personal data is exposed or service disruptions occur. The vulnerability's remote exploitability without user interaction increases the risk of automated attacks and wormable scenarios. European sectors with high reliance on ITSM tools, such as finance, healthcare, telecommunications, and public administration, are particularly vulnerable. The lack of known exploits currently provides a window for proactive patching and mitigation before widespread attacks emerge.
Mitigation Recommendations
1. Immediately upgrade all affected iTop instances to the fixed versions 2.7.12, 3.1.3, or 3.2.1 depending on the deployment version branch.
2. If immediate patching is not possible, restrict access to the iTop frontend portal using network segmentation, VPNs, or IP whitelisting to limit exposure to trusted users only.
3. Implement Web Application Firewall (WAF) rules to detect and block suspicious command injection patterns targeting the iTop portal.
4. Conduct thorough logging and monitoring of iTop server logs and network traffic for unusual command execution attempts or anomalies.
5. Review and harden server configurations hosting iTop to minimize the impact of potential command execution, including running services with least privilege and disabling unnecessary OS commands.
6. Educate IT and security teams about this vulnerability and ensure incident response plans include steps for rapid containment and remediation.
7. Regularly audit iTop deployments for version compliance and vulnerability exposure as part of vulnerability management programs.
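To support steps 1 and 7, the following is an added example (not iTop's or the advisory's own code) that encodes the three affected version ranges stated above and reports, for a constructed inventory of hostnames and version strings, which instances still need an upgrade and to which fixed release on their branch:

```python
"""Version audit for CVE-2025-24022 (added example, not Combodo/iTop code)."""
import re

# Fixed releases named in the advisory, one per affected branch.
FIXED_VERSIONS = ("2.7.12", "3.1.3", "3.2.1")

# Affected ranges from the advisory: (inclusive lower bound or None, exclusive upper bound).
AFFECTED_RANGES = (
    (None, "2.7.12"),      # everything before 2.7.12
    ("3.0.0", "3.1.3"),    # 3.0.0 up to but not including 3.1.3
    ("3.2.0", "3.2.1"),    # 3.2.0 up to but not including 3.2.1
)


def parse_version(text):
    """Turn 'v3.1' / '3.1.2-beta' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised iTop version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True if the version falls inside any advisory range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if (low is None or parse_version(low) <= v) and v < parse_version(high):
            return True
    return False


def recommended_upgrade(version):
    """Smallest fixed release above the running version, or None if not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    return next(f for f in FIXED_VERSIONS if parse_version(f) > v)


def audit(inventory):
    """inventory: {hostname: version}. Returns (host, version, fix) for affected hosts."""
    return [(host, ver, recommended_upgrade(ver))
            for host, ver in sorted(inventory.items()) if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"itsm-prod": "3.1.2", "itsm-dr": "2.7.12", "itsm-test": "3.2.0"}
    for host, ver, fix in audit(sample):
        print(f"{host}: iTop {ver} is affected by CVE-2025-24022, upgrade to {fix}")
```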
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-01-16T17:31:06.459Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec9c8
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 1/24/2026, 7:55:35 PM
Last updated: 2/7/2026, 12:06:43 PM