CVE-2025-25192

Medium CVSS: 6.5

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file.

Vendor

Glpi-project

Product

Glpi

CWE

CWE-200

Yayın Tarihi

2025-02-25 18:15:27

Güncelleme

2025-04-23 18:46:00

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Glpi MEDIUM Glpi-project 2025

Referanslar

https://github.com/glpi-project/glpi/releases/tag/10.0.18 https://github.com/glpi-project/glpi/security/advisories/GHSA-86cx-hcfc-8mm8 https://www.vicarius.io/vsociety/posts/cve-2025-25192-detection-glpi-vulnerability https://www.vicarius.io/vsociety/posts/cve-2025-25192-mitigation-glpi-vulnerability

Benzer Kayıtlar

High

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-22821

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vul…

Medium

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can…

Medium

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can…

Medium

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.…