
CVE-2025-24022: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Combodo iTop

Severity: High
Tags: Vulnerability, CVE-2025-24022, CWE-78
Published: Wed May 14 2025 (05/14/2025, 14:57:37 UTC)
Source: CVE
Vendor/Project: Combodo
Product: iTop

Description

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 15:10:14 UTC

Technical Analysis

CVE-2025-24022 is a high-severity OS command injection vulnerability affecting Combodo's iTop, a widely used web-based IT Service Management (ITSM) tool. The affected ranges are all versions before 2.7.12, versions 3.0.0 up to but not including 3.1.3, and versions 3.2.0 up to but not including 3.2.1. The root cause is improper neutralization of special elements in user input, classified under CWE-78, which allows an attacker to inject arbitrary operating system commands through the frontend portal of iTop. This flaw enables remote code execution (RCE) on the server hosting iTop without requiring user interaction, but it does require low privileges (PR:L) and has a high attack complexity (AC:H). The vulnerability impacts confidentiality, integrity, and availability (all rated high), and the scope is changed (S:C), meaning the exploit can affect resources beyond the initially vulnerable component. Although no known exploits are currently reported in the wild, the CVSS score of 8.6 underscores the critical nature of this vulnerability. Successful exploitation could allow attackers to execute arbitrary commands on the server, potentially leading to full system compromise, data theft, disruption of ITSM operations, and lateral movement within the network. The vulnerability is fixed in iTop versions 2.7.12, 3.1.3, and 3.2.1.

Potential Impact

For European organizations, the impact of this vulnerability is significant due to the critical role ITSM tools like iTop play in managing IT infrastructure, incident response, and service continuity. Exploitation could lead to unauthorized access to sensitive IT service data, disruption of IT operations, and potential exposure of confidential information. Given the interconnected nature of IT environments, attackers could leverage this vulnerability to pivot to other internal systems, escalating the impact. Organizations in sectors with stringent data protection regulations such as GDPR (e.g., finance, healthcare, government) face heightened risks of regulatory penalties and reputational damage if exploited. Additionally, disruption of ITSM services could impair incident management and recovery processes, prolonging downtime and affecting business continuity.

Mitigation Recommendations

European organizations should immediately assess their iTop deployments and upgrade to fixed versions 2.7.12, 3.1.3, or 3.2.1 as applicable. Where immediate patching is not feasible, implement strict input validation and sanitization at the web application firewall (WAF) level to block suspicious command injection patterns targeting iTop endpoints. Restrict network access to the iTop portal to trusted IP ranges and enforce strong authentication and authorization controls to limit exposure. Conduct thorough audits of server logs for any signs of attempted exploitation. Employ runtime application self-protection (RASP) tools if available to detect and block command injection attempts in real time. Finally, integrate this vulnerability into vulnerability management and incident response workflows to ensure rapid detection and remediation.
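The first step in the recommendations above is an inventory check against the affected version ranges. The following Python helper is an added example, not code from this advisory or from Combodo; it assumes plain dotted version strings (e.g. "3.1.2") and encodes only the three affected branches and fixed releases stated on this page.

```python
from typing import Optional, Tuple

# Affected branches as stated in the advisory:
# (first affected version or None for "everything below", first fixed version)
AFFECTED_BRANCHES = [
    (None, "2.7.12"),
    ("3.0.0", "3.1.3"),
    ("3.2.0", "3.2.1"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.1.2' into (3, 1, 2); a '-suffix' is dropped, '3.1' pads to (3, 1, 0)."""
    core = version.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))


def fixed_release_for(version: str) -> Optional[str]:
    """Return the fixed release in the same branch, or None if not affected."""
    v = parse_version(version)
    for first, fixed in AFFECTED_BRANCHES:
        above_start = first is None or v >= parse_version(first)
        if above_start and v < parse_version(fixed):
            return fixed
    return None


def is_affected(version: str) -> bool:
    """True when the installed version still needs the CVE-2025-24022 fix."""
    return fixed_release_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory, one version per deployment
    for sample in ["2.7.11", "2.7.12", "3.1.2", "3.1.3", "3.2.0", "3.2.1"]:
        target = fixed_release_for(sample)
        print(sample, "->", f"upgrade to {target}" if target else "not affected")
```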


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-01-16T17:31:06.459Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec9c8

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 3:10:14 PM

Last updated: 8/14/2025, 11:37:54 PM

