CVE-2025-53105 HIGH

CVE-2025-53105: GLPI permits unauthorized rules execution order

Vendor Glpi-Project
Product glpi
Weakness CWE-269
Published August 27, 2025
Last update August 27, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.

Key dates

02Disclosure timeline

August 27, 2025 CVE published
August 27, 2025 Record updated