Glpi · Glpi · CVE-2025-24801
**Name of the Vulnerable Software and Affected Versions**
GLPI versions prior to 10.0.18
**Description**
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of `*.php` files located on the GLPI server. This can lead to remote code execution.
**Recommendations**
GLPI versions prior to 10.0.18: Upgrade to version 10.0.18 or later.