PT-2025-31385 · Glpi · Glpi

Geraldino2

Published

2025-07-30

Updated

2025-07-30

CVE-2025-52897

Report an issue

CVSS v3.1

6.5

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

GLPI versions 9.1.0 through 10.0.18

Description:

GLPI is an Asset and IT Management Software package. An unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature.

Recommendations:

Update to version 10.0.19 or later.

Fix

Open Redirect

XSS

Weakness Enumeration

CWE-601CWE-80

Related Identifiers

CVE-2025-52897

GHSA-6WHM-Q2RP-PRQM

Affected Products

Glpi

PT-2025-31385 · Glpi · Glpi

Weakness Enumeration

Related Identifiers

Affected Products

References · 6