SQL Injection Vulnerability in GLPI Asset and IT Management Software
CVE-2025-21619
8.2HIGH
What is CVE-2025-21619?
GLPI, an open-source asset and IT management software, has a security vulnerability that allows administrator users to perform SQL injection attacks through its rules configuration forms. This flaw can potentially lead to unauthorized access to the database and extraction of sensitive information. The issue has been addressed in version 10.0.18, highlighting the importance for users to upgrade their installations to mitigate risks associated with this vulnerability.
Affected Version(s)
glpi >= 0.78, < 10.0.18