← Volver a CVEs
CVE-2025-53113
LOW2.7
Descripcion
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch information on items they do not have the right to see. This is fixed in version 10.0.19.
Detalles CVE
Puntuacion CVSS v3.12.7
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado7/30/2025
Ultima modificacion8/4/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
glpi-project:glpi
Debilidades (CWE)
CWE-284CWE-862
Referencias
https://github.com/glpi-project/glpi/security/advisories/GHSA-r2mm-6499-4m8j(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.