CVE-2025-52567 LOW

CVE-2025-52567: GLPI has overly permissive URL verification

Vendor Glpi-Project
Product glpi
Weakness CWE-918 · SSRF
Published July 30, 2025
Last update July 30, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

GLPI is a free asset and IT management software package that provides data center management, an ITIL service desk, license tracking and software auditing. In versions 0.84 through 10.0.18, the use of RSS feeds or external calendars in planning is subject to SSRF exploitation. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19.

Key dates

02 Disclosure timeline

July 30, 2025 CVE published
July 30, 2025 Record updated