CVE-2025-53105

HIGH7.5Privilege escalation

Description

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

glpi-project / glpi>= 10.0.0, < 10.0.19 – >= 10.0.0, < 10.0.19

References

VENDOR_ADVISORYhttps://github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wc
PATCHhttps://github.com/glpi-project/glpi/releases/tag/10.0.19

Updated 6m ago · 2 sources