Improper Access Control in GLPI Inventory Plugin by GLPI
CVE-2025-27147

8.2HIGH

Key Information:

Vendor: GLPI Project
Status: Glpi-inventory-plugin
Vendor: CVE Published:; 25 March 2025

Summary

The GLPI Inventory Plugin facilitates essential functions for GLPI agents, such as network discovery, inventorying using SNMP, software deployment, and remote inventory management for VMWare ESX hosts. An improper access control vulnerability was identified in versions prior to 1.5.0, which could potentially allow unauthorized access to sensitive functionalities. This issue has been addressed in version 1.5.0, which enhances security measures to protect users from unauthorized data access.

Affected Version(s)

glpi-inventory-plugin < 1.5.0

References

https://github.com/glpi-project/glpi-inventory-plugin/sec...

x_refsource_CONFIRM

https://github.com/glpi-project/glpi-inventory-plugin/com...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Feb 19, 2025