← volver
CVE-2025-27147

GLPI Inventory plugin has Improper Access Control Vulnerability

CVSS 8.2 HIGHEPSS 0.4%CWE-22CWE-552CWE-73
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.2EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 mar 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Productos afectados
glpi-project · glpi-inventory-plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/glpi-project/glpi-inventory-plugin/commit/aaeb26d98d07019375c25b56e60fffc195553545https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-h6x9-jm98-cw7c