PT-2025-12806 · Glpi+1 · Glpi Inventory Plugin+1

Published

2025-03-25

Updated

2025-04-03

CVE-2025-27147

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions GLPI Inventory Plugin versions prior to 1.5.0

Description The GLPI Inventory Plugin handles various tasks for GLPI agents, including network discovery and inventory, software deployment, and data collection. It has an improper access control issue.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 to fix the vulnerability.

Exploit

Fix

RCE

Path traversal

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73CWE-22CWE-552

Related Identifiers

BDU:2025-07590

CVE-2025-27147

GHSA-H6X9-JM98-CW7C

Affected Products

Glpi Inventory Plugin

Red Os

PT-2025-12806 · Glpi+1 · Glpi Inventory Plugin+1

CVE-2025-27147

Weakness Enumeration

Related Identifiers

Affected Products

References · 13