CVE-2025-53105

HIGH EPSS 25.0%
Published Aug 27, 202510mo ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
High
Find Similar
Published Aug 27, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago

Description

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.

CVSS Details

Base Score
7.5
Exploitability
1.6
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
25.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

References 2

  • github.com https://github.com/glpi-project/glpi/releases/tag/10.0.19
  • github.com https://github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wc

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.