CVE-2025-64516

High CVSS: 7.5

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

Vendor

Glpi-project

Product

Glpi

CWE

CWE-284

Yayın Tarihi

2026-01-15 16:16:11

Güncelleme

2026-01-21 20:53:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Glpi HIGH Glpi-project 2026

Referanslar

https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27 https://github.com/glpi-project/glpi/releases/tag/10.0.21 https://github.com/glpi-project/glpi/releases/tag/11.0.3 https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46

Benzer Kayıtlar

High

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-22821

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vul…

Medium

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can…

Medium

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can…

Medium

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.…