CVE-2025-53105
HIGH EPSS 25.0%
Published Aug 27, 202510mo ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
Published Aug 27, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago
Description
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
25.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-269 Improper Privilege Management Authorization
References 2
- github.com https://github.com/glpi-project/glpi/releases/tag/10.0.19
- github.com https://github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wc
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.