


Perceptive Security
SOC/SIEM Consultancy

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticke…
Published:
14 January 2026 at 23:00:00
Alert date:
15 January 2026 at 18:11:37
Source:
nvd.nist.gov
Enterprise Applications, Identity & Access
CVE-2025-64516 affects GLPI, a free asset and IT management software package. The vulnerability allows unauthorized users to access GLPI documents attached to any item including tickets and assets. When the public FAQ feature is enabled, anonymous users can exploit this vulnerability to gain unauthorized access. The issue affects versions prior to 10.0.21 and 11.0.3. This represents a significant access control bypass that could lead to information disclosure. The vulnerability has been patched in versions 10.0.21 and 11.0.3.
Technical details
Mitigation steps:
Affected products:
GLPI
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-64516
https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c
https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27
https://github.com/glpi-project/glpi/releases/tag/10.0.21
https://github.com/glpi-project/glpi/releases/tag/11.0.3
https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
