PT-2025-7037 · Glpi+1 · Glpi+1

Loxfo · Published 2025-01-23 · Updated 2025-10-27 · CVE-2025-24801

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GLPI versions prior to 10.0.18

Description

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This can lead to remote code execution.

Recommendations

GLPI versions prior to 10.0.18: Upgrade to version 10.0.18 or later.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10163
ALT-PU-2025-4115
BDU:2025-03181
CVE-2025-24801
GHSA-G2P3-33FF-R555

Affected Products

Alt Linux
Glpi