AI description
CVE-2025-24801 affects GLPI, a free IT asset management software package. The vulnerability allows an authenticated user to upload and force the execution of *.php files located on the GLPI server. This issue has been addressed and fixed in GLPI version 10.0.18. An additional vulnerability with the ID of CVE-2025-24801 has been identified in GLPI version 10.0.17 and prior. This vulnerability is related to command injection, potentially allowing a remote attacker to execute arbitrary commands on the affected system.
- Description: GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: glpi
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-434
- Hype score: Not currently trending
Dragon Drop: this week's NEW releases 🐉🚨🔥 💥 New modules: → PEN-200 | Extra Mile: Offensive Cloud Lab 03: https://t.co/PbIgeip0bQ → EXP-301 | VMware Workstation Guest-To-Host Escape: https://t.co/cwP0Ks6hIf 🪲 New CVE labs: → CVE-2025-24801: https://t.co/xz
@offsectraining
30 Jul 2025
3722 Impressions
4 Retweets
44 Likes
9 Bookmarks
1 Reply
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/Gq2XIbJ44Z
@pentest_swissky
6 May 2025
1671 Impressions
8 Retweets
24 Likes
12 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/gE4mssFLWD
@_r_netsec
20 Mar 2025
859 Impressions
4 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
[CVE-2025-24801: HIGH] GLPI, a free asset and IT management software, had a serious cyber security vulnerability allowing authenticated users to upload and execute PHP files. Ensure you're using version 10.0.18 f...#cybersecurity,#vulnerability https://t.co/J1Ofl1zMGs https://t.c
@CveFindCom
18 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24801 GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vuln… https://t.co/2HfA8ZdS6w
@CVEnew
18 Mar 2025
325 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GLPI, an open-source IT service management software suite, has released version 10.0.18, addressing two critical vulnerabilities found by our experts: an SQL injection (CVE-2025-24799) and a remote code execution (CVE-2025-24801). Check out our blog post: https://t.co/INba9ohWNL.
@ambionics
18 Mar 2025
3933 Impressions
17 Retweets
54 Likes
23 Bookmarks
1 Reply
1 Quote
GLPI: 680 instances in France exposed to two critical vulnerabilities. 2 vulnerabilities allowing unauthenticated remote code execution: CVE-2025-24799 and CVE-2025-24801 👉 Read on it-connect: https://t.co/1p0sZdvdEw https://t.co/LpeLkQOtnv
@bearstech
18 Mar 2025
1944 Impressions
7 Retweets
13 Likes
3 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/oyxIqUubGE
@tbbhunter
13 Mar 2025
973 Impressions
4 Retweets
8 Likes
6 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/oTOMUNWfFW
@Dinosn
12 Mar 2025
132 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/UqjMHztzRV https://t.co/QPtyVglnMP
@secharvesterx
12 Mar 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/gE4mssFLWD
@_r_netsec
12 Mar 2025
862 Impressions
5 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E2FC267-04C0-429B-91BD-B5E634AFBC4B",
            "versionEndExcluding": "10.0.18",
            "versionStartIncluding": "0.85"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]