CVE-2025-53008 GLPI's MailCollector Receiver is vulnerable to credential exfiltration
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver...
CVE-2025-52897 GLPI is vulnerable to XSS and open redirection attacks through planning feature
GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19...
CVE-2025-52897
GLPI planning feature vulnerability: versions 9.1.0–10.0.18 allow unauthenticated users to send a malicious link to conduct phishing. Root cause described in multiple sources as inadequate filtering/handling of links within the planning module (with some references labeling it as XSS and open red...
CVE-2025-52567
GLPI vulnerability CVE-2025-52567 affects GLPI versions 0.84–10.0.18 where using RSS feeds or external calendars during planning allows SSRF. The issue is fixed in version 10.0.19. Related sources note an unauthenticated access path via the planning feature (phishing context) and server-side requ...
CVE-2025-52567 GLPI has overly permissive URL verification
GLPI is a Free Asset and IT Management Software package that provides data center management, ITIL Service Desk, license tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to an SSRF exploit. The previous security patches provided...
PT-2025-31384 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.84 through 10.0.18
Description: GLPI is an Asset and IT Management Software package. Versions 0.84 through 10.0.18 are susceptible to a Server-Side Request Forgery (SSRF) exploit when using RSS feeds or external calendars for...
PT-2025-31389 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.65 through 10.0.18
Description: GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use...
GLPI code issue vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
GLPI security vulnerability
GLPI is a free asset and IT management software suite. A security vulnerability exists in GLPI versions 0.80 through 10.0.18, which originates from the system not validating permissions on some resource access requests. An attacker could exploit the vulnerability to gain unauthorized access to...
GLPI security vulnerability
GLPI is an open source IT asset and service management software suite that provides ITIL service desk functionality, license tracking and software auditing capabilities. A security vulnerability exists in GLPI versions 0.65 through 10.0.18, which originates from a technician being able to utilize...
PT-2025-31385 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.18
Description: GLPI is an Asset and IT Management Software package. An unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature.
Recommendations: Update to version...
PT-2025-31388 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.18
Description: GLPI is an Asset and IT Management Software package providing ITIL Service Desk features, license tracking, and software auditing. A lack of permission checks in affected versions can result i...
PT-2025-31387 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.18
Description: GLPI is an Asset and IT Management Software package. A missing permission check can allow unauthorized access to some resources.
Recommendations: Update to version 10.0.19 or later...
GLPI security vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...