CVE-2025-47932: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Combodo iTop
Combodo iTop is a web-based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the variable responsible for the attack.
AI Analysis
Technical Summary
CVE-2025-47932 is a cross-site scripting (XSS) vulnerability classified under CWE-79 that affects Combodo iTop, a web-based IT service management tool widely used for managing IT assets, incidents, and service requests. The vulnerability exists in versions prior to 2.7.13 and between 3.0.0-alpha and 3.2.2, where the application fails to properly sanitize input variables while rendering dashboards via AJAX calls. Specifically, the variable that carries dashboard content is not neutralized before it is written into the returned HTML, so an attacker-controlled value can inject JavaScript. When a user loads the affected dashboard, the injected script executes in that user's browser context, potentially leading to session hijacking, credential theft, unauthorized actions, or the spread of malware.

The vulnerability is remotely exploitable without authentication (AV:N, PR:N), but requires user interaction (UI:R), such as visiting a maliciously crafted dashboard URL or viewing a compromised dashboard. The CVSS v3.1 base score is 8.8, indicating high severity with high impact on confidentiality, integrity, and availability.

The issue was addressed in versions 2.7.13 and 3.2.2 by properly sanitizing the input variable responsible for the attack vector. No public exploits have been reported yet, but the vulnerability's nature and impact make it a critical risk for organizations running vulnerable versions of iTop. Given iTop's role in IT service management, exploitation could disrupt IT operations and expose sensitive organizational data.
Potential Impact
For European organizations, the impact of CVE-2025-47932 can be significant due to the critical role of IT service management platforms like iTop in maintaining operational continuity and security. Successful exploitation could lead to unauthorized access to session tokens, enabling attackers to impersonate legitimate users and perform administrative actions within the ITSM environment. This could result in data leakage of sensitive IT infrastructure information, manipulation or deletion of service tickets, and disruption of IT workflows. The compromise of confidentiality, integrity, and availability of ITSM data could cascade into broader organizational risks, including downtime, compliance violations (e.g., GDPR), and reputational damage. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure employees into triggering the exploit. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the high CVSS score underscores the urgency. European entities relying on iTop for critical ITSM functions should prioritize patching to avoid operational and security risks.
Mitigation Recommendations
1. Upgrade Combodo iTop installations to version 2.7.13 or 3.2.2 (or later) immediately, as these versions include the necessary input sanitization fixes.
2. If immediate upgrade is not feasible, implement web application firewall (WAF) rules to detect and block suspicious AJAX requests containing script injection patterns targeting the dashboard rendering endpoint.
3. Conduct user awareness training to reduce the risk of social engineering attacks that could lead to user interaction with malicious dashboards.
4. Review and harden input validation and output encoding practices within any custom iTop integrations or extensions to prevent similar injection flaws.
5. Monitor application logs and network traffic for anomalous requests or unusual dashboard access patterns that could indicate exploitation attempts.
6. Restrict access to the iTop dashboard to trusted networks or VPNs to limit exposure.
7. Regularly audit and update ITSM platform components and dependencies to maintain security posture.
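The following PHP snippet is an added illustration of the vulnerability class described in the technical summary and of the output-encoding practice in recommendation 4; it is not iTop's code, and the handler, function names and the `dashboard_title` parameter are assumptions. It places the unsafe pattern (an AJAX handler concatenating a request value into an HTML fragment) beside the hardened form that entity-encodes the value for the HTML context it lands in.

```php
<?php
// Added example, not Combodo iTop's code. Shows a minimal AJAX handler that
// returns an HTML fragment for a dashboard; the parameter name
// "dashboard_title" is a hypothetical stand-in for the unnamed variable.
declare(strict_types=1);

// Unsafe pattern: the request value is written into the fragment unchanged,
// so any markup in the value becomes live markup in the user's browser.
function render_dashboard_fragment_unsafe(string $title): string
{
    return '<div class="dashboard-title">' . $title . '</div>';
}

// Hardened pattern: encode every untrusted value for the HTML context.
// ENT_QUOTES also encodes quotes (needed for attribute contexts) and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// which would otherwise silently drop the whole fragment.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_dashboard_fragment_safe(string $title): string
{
    return '<div class="dashboard-title">' . html_escape($title) . '</div>';
}

// Entry point for the AJAX request. Declaring the charset and sending
// X-Content-Type-Options: nosniff removes two ways a browser could
// reinterpret the fragment under a different encoding or content type.
function handle_ajax_request(array $request): string
{
    header('Content-Type: text/html; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    $title = (string) ($request['dashboard_title'] ?? 'Dashboard');
    return render_dashboard_fragment_safe($title);
}

// Constructed sample value containing markup and characters that must be
// neutralized; it is a probe for the encoding, not an exploit.
$sample = '<i>Ops</i> & "quotes"';
echo render_dashboard_fragment_unsafe($sample), PHP_EOL;
// -> <div class="dashboard-title"><i>Ops</i> & "quotes"</div>   (markup is live)
echo render_dashboard_fragment_safe($sample), PHP_EOL;
// -> <div class="dashboard-title">&lt;i&gt;Ops&lt;/i&gt; &amp; &quot;quotes&quot;</div>
```

Run it with `php example.php`; the second line shows the value rendered as inert text, which is the behaviour the fixed versions restore for the affected variable.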
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-14T10:32:43.529Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69123dd5819dd34e6850aab3
Added to database: 11/10/2025, 7:32:37 PM
Last enriched: 11/10/2025, 7:33:42 PM
Last updated: 11/11/2025, 1:00:33 AM