PT-2025-51790 · Glpi+2 · Glpi+2
Published
2025-12-16
·
Updated
2026-03-19
·
CVE-2025-64520
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GLPI versions 9.1.0 through 10.0.20
Description
An unauthorized user with API access can read all knowledge base entries. The issue affects GLPI versions 9.1.0 and prior to 10.0.21. The affected API allows unauthorized access to knowledge base data.
Recommendations
Upgrade to version 10.0.21 to receive a patch.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Glpi
Red Os