CVE-2025-25192
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
25/02/2025
Last modified:
23/04/2025
Description
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* | 10.0.18 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/glpi-project/glpi/releases/tag/10.0.18
- https://github.com/glpi-project/glpi/security/advisories/GHSA-86cx-hcfc-8mm8
- https://www.vicarius.io/vsociety/posts/cve-2025-25192-detection-glpi-vulnerability
- https://www.vicarius.io/vsociety/posts/cve-2025-25192-mitigation-glpi-vulnerability