PT-2025-6928 · Glpi+2

Rootjog · Published 2025-02-12 · Updated 2025-08-13 · CVE-2025-21626

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions 0.71 through 10.0.17

Description

The issue allows an anonymous user to fetch sensitive information from the "status.php" endpoint. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

For versions 0.71 through 10.0.17, update to version 10.0.18 to resolve the issue. As a temporary workaround, consider deleting the "status.php" file or restricting access to it until a patch is available. Alternatively, remove any sensitive values from the name field of the active LDAP directories, mail server authentication providers, and mail receivers.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10163
ALT-PU-2025-4115
BDU:2025-04043
CVE-2025-21626
GHSA-5VVR-PXWF-3W77

Affected Products

Alt Linux
Glpi
Red Os