CVE-2025-24969

{"id": "CVE-2025-24969", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2025-05-14T16:15:27.300", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue."}, {"lang": "es", "value": "iTop es una herramienta web de gesti\u00f3n de servicios de TI. Antes de la versi\u00f3n 3.2.1, un usuario del portal pod\u00eda ver la foto de cualquier otro contacto modificando el ID de la foto en la URL. La versi\u00f3n 3.2.1 incluye una correcci\u00f3n para este problema."}], "lastModified": "2025-08-05T20:49:48.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF8B6F29-FD69-4F2C-8A50-7A32FC0FDCE0", "versionEndExcluding": "3.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}