PT-2025-31384 · Glpi · Glpi
Geraldino2 · Published 2025-07-30 · Updated 2025-07-30 · CVE-2025-52567
CVSS v3.1: 3.5
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Fix
SSRF
Affected Products: Glpi
Base score: 3.5 (Low)
Base vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
GLPI versions 0.84 through 10.0.18
Description:
GLPI is an Asset and IT Management Software package. Versions 0.84 through 10.0.18 are vulnerable to Server-Side Request Forgery (SSRF) when using RSS feeds or external calendars for planning purposes. Previous security patches implemented since GLPI 10.0.4 were insufficient in certain scenarios.
Recommendations:
Update to version 10.0.19 or later.