PT SWARM expert Maxim Ilyin has helped fix a vulnerability in iTop, an open-source web application used to automate IT infrastructure management and ensure uninterrupted service operations. If exploited, the vulnerability could have allowed an attacker to execute operating system commands remotely and then gain access to a company's internal infrastructure or move laterally across the network. The vendor was notified of the vulnerability under a responsible disclosure policy and released an update.
The vulnerability PT-2025-4618211 (CVE-2025-47286, BDU:2025-06926) affects iTop 2.x releases prior to 2.7.13 and 3.x releases prior to 3.2.2, and has a CVSS 4.0 score of 8.6 out of 10 (high severity). To conduct a successful attack, an attacker would need only the password of a user with administrative rights, after which they could execute arbitrary code remotely. This flaw could give attackers access to a company's internal infrastructure and data.
To address the issue, users should upgrade iTop as soon as possible to at least version 2.7.13 or 3.2.2. If applying the patch is not currently possible, Positive Technologies recommends removing iTop from the organization's external perimeter, setting strong passwords for employee accounts, and enabling multifactor authentication. These measures will reduce the risk of unauthorized access to the system.
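To turn the upgrade guidance above into a check that can be run over an asset inventory, here is a small Python helper. It is an added example, not code from the advisory, Positive Technologies or the iTop project. It assumes the branch reading given on this page (any 2.x release below 2.7.13 and any 3.x release below 3.2.2 is affected); the host names, version strings and inventory it ships with are constructed sample data, and the "not covered" verdict for other major versions is an assumption to be confirmed against the vendor's release notes.

```python
import re
from typing import NamedTuple, Optional

# Fixed releases named in the advisory, keyed by major version.
# Assumption: every release of the 2.x line below 2.7.13 and every
# release of the 3.x line below 3.2.2 is treated as affected.
FIXED_RELEASE = {
    2: (2, 7, 13),
    3: (3, 2, 2),
}

_TRIPLE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


class Verdict(NamedTuple):
    version: tuple
    vulnerable: bool
    upgrade_to: Optional[str]  # target release, or None if no action is derived
    note: str


def parse_version(text: str) -> tuple:
    """Extract the leading numeric triple from strings such as
    '3.2.1', '2.7.12-1' or 'iTop 3.1.0'. Raises ValueError if none is found."""
    m = _TRIPLE.search(text)
    if not m:
        raise ValueError(f"unrecognised iTop version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text: str) -> Verdict:
    """Compare an iTop version against the fixed releases from the advisory."""
    version = parse_version(version_text)
    fixed = FIXED_RELEASE.get(version[0])
    if fixed is None:
        # Assumption: branches not named in the advisory get no verdict here;
        # check the vendor's notes rather than assuming they are safe.
        return Verdict(version, False, None, "major version not covered by the advisory; verify with vendor")
    if version < fixed:
        return Verdict(version, True, ".".join(map(str, fixed)), "below the fixed release")
    return Verdict(version, False, None, "at or above the fixed release")


def triage(inventory: dict) -> dict:
    """Map host -> Verdict for an inventory of host -> version string.
    Unparsable versions are reported as vulnerable so they are not silently skipped."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = assess(version_text)
        except ValueError as exc:
            results[host] = Verdict((), True, None, f"unparsable version, treat as affected: {exc}")
    return results


def hosts_needing_upgrade(inventory: dict) -> list:
    """Return the hosts whose iTop version is affected, sorted by name."""
    return sorted(host for host, v in triage(inventory).items() if v.vulnerable)


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "itop-prod.example.internal": "iTop 3.2.1",
    "itop-legacy.example.internal": "2.7.12-1",
    "itop-dev.example.internal": "3.2.2",
    "itop-old.example.internal": "2.6.3",
    "itop-unknown.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        flag = "UPGRADE" if verdict.vulnerable else "ok"
        target = f" -> {verdict.upgrade_to}" if verdict.upgrade_to else ""
        print(f"{host:32} {flag:8}{target} ({verdict.note})")
```

Feed the script whatever your CMDB or a scan of the login page reports as the iTop version; anything it flags should be upgraded, or, where that is not yet possible, taken off the external perimeter as the advisory recommends.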
iTop is widely used: its GitHub repository has been starred by nearly 1,000 users and forked more than 250 times.
To exploit the vulnerability, an attacker would first need administrative access to iTop. They could guess or steal a user's credentials, or find an instance whose installation was never completed; in the latter case, the attacker could finish the setup themselves and set the administrator password. With administrative rights, the attacker could trigger a data backup and execute arbitrary code.
[1] The security vulnerability has been registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.
"Successful exploitation of this vulnerability could allow attackers to gain initial access to a company's internal infrastructure or move laterally within its network. Once inside the corporate segment of the internal network, attackers could access sensitive data and eventually encrypt critical information to demand a ransom."

Positive Technologies and iTop work together on responsible disclosure of discovered vulnerabilities in line with their respective policies. This partnership is an example of effective cooperation between security researchers and software vendors to improve the security of IT solutions.
To reduce the threat of remote code execution (RCE), endpoint detection and response (EDR) security solutions like MaxPatrol EDR can help. When malicious activity is detected, these products alert MaxPatrol SIEM and block the attack. In order to detect such vulnerabilities, we recommend using static and dynamic code analyzers, such as PT Application Inspector and PT BlackBox. Web application firewalls like PT Application Firewall (also available in the cloud version: PT Cloud Application Firewall) are also effective at blocking exploitation attempts.
For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from vendors around the world.