CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/07/30 2:17 p.m.•11 views

CVE-2025-53357 GLPI permits reservation modification by unauthorized users

5.4CVSS0.00164EPSS

CVE•added 2025/07/30 2:17 p.m.•35 views

CVE-2025-53357

GLPI (Gestionnaire Libre de Parc Informatique) is affected in versions 0.78–10.0.18, where a connected user can alter another user’s reservations. The issue is fixed in version 10.0.19. Affected products: GLPI Asset/IT Management software; impact: permission/reservation modification by an authent...

5.4CVSS6.5AI score0.00164EPSS

Vulnrichment•added 2025/07/30 2:16 p.m.•2 views

CVE-2025-53113 GLPI technicians can access unauthorized information through external links

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

2.7CVSS6.1AI score0.00213EPSS

OSV•added 2025/07/30 2:16 p.m.•4 views

CVE-2025-53113 GLPI technicians can access unauthorized information through external links

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

2.7CVSS4.4AI score0.00213EPSS

Cvelist•added 2025/07/30 2:16 p.m.•6 views

CVE-2025-53113 GLPI technicians can access unauthorized information through external links

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

2.7CVSS0.00213EPSS

CVE•added 2025/07/30 2:16 p.m.•30 views

CVE-2025-53113

GLPI contains a permission/authorization bypass in the external links feature. In versions 0.65 through 10.0.18, a technician can use external links to retrieve information about items they do not have rights to see, leading to unauthorized access to sensitive data. This is fixed in version 10.0....

2.7CVSS6.3AI score0.00213EPSS

NVD•added 2025/07/30 2:15 p.m.•3 views

CVE-2025-52567

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...

5CVSS0.00168EPSS

NVD•added 2025/07/30 2:15 p.m.•8 views

CVE-2025-52897

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19...

6.5CVSS0.002EPSS

NVD•added 2025/07/30 2:15 p.m.•5 views

CVE-2025-53008

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver...

6.5CVSS0.00238EPSS

CVE•added 2025/07/30 2:15 p.m.•26 views

CVE-2025-53112

GLPI (versions 9.1.0–10.0.18) has a permission-checking weakness that can allow unauthorized removal of specific resources. The root cause is lack of permission checks on certain deletion actions. The issue is fixed in version 10.0.19. Mitigation is to upgrade to 10.0.19 or apply vendor-provided ...

4.3CVSS6.4AI score0.00181EPSS

OSV•added 2025/07/30 2:15 p.m.•3 views

CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.1...

4.3CVSS4.3AI score0.00181EPSS

Cvelist•added 2025/07/30 2:15 p.m.•5 views

CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users

4.3CVSS0.00181EPSS

Vulnrichment•added 2025/07/30 2:15 p.m.•3 views

CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users

4.3CVSS6.2AI score0.00181EPSS

OSV•added 2025/07/30 2:15 p.m.•3 views

UBUNTU-CVE-2025-52897

6.5CVSS5.8AI score0.002EPSS

OSV•added 2025/07/30 2:14 p.m.•6 views

CVE-2025-53111 GLPI exposes data to non-allowed users

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19...

6.5CVSS4.2AI score0.00239EPSS

CVE•added 2025/07/30 2:14 p.m.•34 views

CVE-2025-53111

The CVE-2025-53111 entry concerns GLPI, a Free Asset and IT Management Software. Affected versions are 0.80 through 10.0.18, where inadequate permission checks allow unauthorized access to certain resources. The issue is resolved in version 10.0.19. Connected sources confirm the core problem is a...

6.5CVSS6.3AI score0.00239EPSS

Cvelist•added 2025/07/30 2:14 p.m.•7 views

CVE-2025-53111 GLPI exposes data to non-allowed users

6.5CVSS0.00239EPSS

Vulnrichment•added 2025/07/30 2:14 p.m.•2 views

CVE-2025-53111 GLPI exposes data to non-allowed users

6.5CVSS6.2AI score0.00239EPSS

CVE•added 2025/07/30 2:9 p.m.•30 views

CVE-2025-53008

CVE-2025-53008 affects GLPI, exposing mail receiver credentials via a malicious payload. Connected versions 9.3.1–10.0.19 are affected; root cause involves credential exfiltration through a payload in the mail/receiver flow. A fix is available in version 10.0.19 . Additional related advisories no...

6.5CVSS6.4AI score0.00238EPSS