GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.
Metrics
Affected Vendors & Products
References
History
Mon, 04 Aug 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* |
Thu, 31 Jul 2025 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Glpi-project
Glpi-project glpi |
|
Vendors & Products |
Glpi-project
Glpi-project glpi |
Wed, 30 Jul 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 30 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19. | |
Title | GLPI is vulnerable to XSS and open redirection attacks through planning feature | |
Weaknesses | CWE-601 CWE-80 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-07-30T14:07:58.830Z
Updated: 2025-07-30T19:28:12.527Z
Reserved: 2025-06-20T17:42:25.710Z
Link: CVE-2025-52897

Updated: 2025-07-30T19:28:07.487Z

Status : Analyzed
Published: 2025-07-30T14:15:28.377
Modified: 2025-08-04T18:55:55.277
Link: CVE-2025-52897

No data.