In Ansible versions up to 4.50.3 a medium severity vulnerability CVE-2025-53862 was detected. This vulnerability allows attackers to access three API endpoints that return verbose responses, potentially exposing sensitive information. To fix this issue, users should upgrade Ansible to version 4.52.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53862.
In Ansible version 2.x a low severity vulnerability CVE-2025-53861 was detected. This vulnerability allows attackers to intercept session data or hijack user sessions by exploiting insecure cookies transmitted over unencrypted connections. To fix this issue, users should upgrade Ansible to version 4.52.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53861.
In Ansible Automation Platform’s EDA component, all versions before 1.1.10 a high severity vulnerability CVE-2025-49520 was detected. This vulnerability allows attackers to execute arbitrary system commands on the EDA worker by injecting malicious arguments into the git ls-remote command, potentially leading to sensitive data exposure, such as Kubernetes or OpenShift service account tokens, and full cluster compromise. To fix this issue, users should upgrade Ansible Automation Platform’s EDA component to version 1.1.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49520.
In Ansible Automation Platform’s EDA component, all versions before 1.1.11 a high severity vulnerability CVE-2025-49521 was detected. This vulnerability allows attackers to execute arbitrary commands or access sensitive files on the system. To fix this issue, users should upgrade Ansible Automation Platform’s EDA component to version 1.1.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49521.
In iTop versions prior to 3.1.3 and 3.2.1 a medium severity vulnerability CVE-2024-56157 was detected. This vulnerability allows attackers to perform a cross-site scripting (XSS) attack by injecting malicious code into CSV content, which is executed when importing the file. To address this issue, users should upgrade iTop to versions 3.1.3 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56157.
In iTop versions prior to 2.7.12, 3.1.3 and 3.2.1 a medium severity vulnerability CVE-2024-52601 was detected. This vulnerability allows authenticated portal users to access unauthorized objects by querying an unprotected route. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.3 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52601.
In Combodo iTop versions prior to 2.7.12, 3.1.2 and 3.2.0 a medium severity vulnerability CVE-2025-27139 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks when the preferences page is opened. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.2, 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27139.
In iTop version 16.0 a high severity vulnerability CVE-2024-53588 was detected. This vulnerability allows attackers to run malicious code on the system by tricking iTop VPN into loading a fake DLL file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53588.
In iTop versions before 2.7.11, from 3.0.0-alpha (inclusive) up to but not including 3.1.2, and from 3.2.0-alpha1 (inclusive) up to but not including 3.2.0, a high severity vulnerability CVE-2024-54139 was detected. This vulnerability allows attackers to perform cross-site scripting, which can lead to cross-site request forgery via the `_table_id` parameter. To address this issue, users should upgrade iTop to versions 2.7.11, 3.1.2, or 3.2.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-54139.