CVE-2025-52897 in glpi
Summary
by MITRE • 07/30/2025
GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.
Analysis
by VulDB Data Team • 08/04/2025
CVE-2025-52897 affects GLPI, a widely used free asset and IT management package that organizations rely on to track and manage their IT infrastructure. The flaw is present in versions 9.1.0 through 10.0.18 and is located in the planning feature, which is used to schedule IT activities and allocate resources. It stems from insufficient authentication requirements: an unauthenticated user can reach the planning functionality and craft deceptive links intended to trick users into revealing sensitive information or performing unintended actions.
Technically, the planning module handles requests without verifying the caller's credentials or validating a session. Access to the planning feature should require authentication so that only authorized personnel can interact with scheduling data; instead, unauthenticated access can be used to generate and distribute malicious links that initiate phishing attacks, either by delivering deceptive content through the planning interface or by redirecting users to malicious websites. The weakness is classified under CWE-287 (Improper Authentication) and represents a gap in the software's access control mechanisms that directly affects the integrity and confidentiality of the IT management environment.
The operational impact goes beyond simple unauthorized access, because the flaw enables social engineering attacks against the people who administer the IT management environment. An attacker can craft links that appear to originate from the legitimate GLPI interface and use them to trick administrators or users into providing credentials, opening malicious attachments, or performing actions that lead to further compromise. The planning feature typically holds sensitive information about IT resources, scheduled maintenance windows, and user activities, which makes it an attractive target for attackers seeking deeper access to the organization's infrastructure. Organizations that depend heavily on GLPI for asset management and planning are particularly exposed, since the flaw undermines the trust users place in the system's interface and can lead to data breaches, unauthorized system modifications, or full compromise of the IT management platform.
Organizations running GLPI versions 9.1.0 through 10.0.18 should apply mitigations immediately while planning the upgrade to version 10.0.19, which contains the fix. The primary remediation is to install the vendor-provided security update as soon as possible, which should enforce proper authentication on all planning feature access points. In addition, administrators should consider compensating controls such as a web application firewall that can detect and block suspicious link patterns or unauthenticated requests to the planning module. Security monitoring should be tuned to flag unusual access patterns or attempts to manipulate planning data without authentication, and organizations should assess whether any exploitation occurred before the patch was applied. Remediation should include testing to confirm that the update does not disrupt legitimate planning operations while delivering the intended protection. This vulnerability is a reminder of the importance of keeping software current and enforcing proper access controls in IT management platforms, which often serve as central points of access to sensitive organizational data and operations.
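To help with the first step of the remediation process described above, the following inventory triage helper checks each GLPI installation's version string against the affected range (9.1.0 through 10.0.18) and the fixed release (10.0.19) stated in the advisory. It is an added example written for this page, not code from VulDB or from the GLPI project; the hostnames and version strings in the sample inventory are constructed. The version bounds are the only values taken from the advisory. Versions are compared as numeric tuples rather than strings, because a naive string comparison would order "9.1.0" after "10.0.18" and misclassify hosts.

```python
"""Triage helper for CVE-2025-52897: flag GLPI installs in the affected version range."""
from __future__ import annotations

import re

# Version bounds taken from the advisory text.
AFFECTED_MIN = "9.1.0"
AFFECTED_MAX = "10.0.18"
FIXED_IN = "10.0.19"

# Accepts an optional leading 'v' and ignores trailing qualifiers such as '-dev' or '-rc1'.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a tuple of ints for correct ordering.

    Numeric tuples compare component by component, avoiding the string-order
    trap where '9.1.0' > '10.0.18' because '9' > '1'.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised GLPI version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version falls inside the advisory's affected range (inclusive)."""
    return parse_version(AFFECTED_MIN) <= parse_version(version) <= parse_version(AFFECTED_MAX)


def classify(version: str) -> str:
    """Return one of 'affected', 'fixed', 'not-in-range', or 'unknown'."""
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown"
    if parse_version(AFFECTED_MIN) <= parsed <= parse_version(AFFECTED_MAX):
        return "affected"
    if parsed >= parse_version(FIXED_IN):
        return "fixed"
    # Older than the first affected release; outside the range the advisory names.
    return "not-in-range"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each hostname in an inventory to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "glpi-prod": "10.0.18",      # last affected release
    "glpi-staging": "10.0.19",   # fixed release
    "glpi-legacy": "9.5.3",      # inside the affected range
    "glpi-archive": "9.0.1",     # older than the stated range
    "glpi-dev": "v10.0.17-dev",  # prefix and qualifier are tolerated
    "glpi-appliance": "n/a",     # version not recorded
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:16} {SAMPLE_INVENTORY[host]:14} {status}")
```

Hosts reported as "affected" should be prioritised for the upgrade to 10.0.19; "unknown" entries indicate inventory records that need a version lookup before they can be cleared.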