CVE-2025-53112 MEDIUM

CVE-2025-53112: GLPI's incomprehensive permission checks can lead to data removal from allowed users

Vendor Glpi-Project
Product glpi
Weakness CWE-284
Published July 30, 2025
Last update July 30, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.19.

Key dates

02Disclosure timeline

July 30, 2025 CVE published
July 30, 2025 Record updated