Improper Access Control in GLPI Inventory Plugin by GLPI
CVE-2025-27147
8.2HIGH
What is CVE-2025-27147?
The GLPI Inventory Plugin facilitates essential functions for GLPI agents, such as network discovery, inventorying using SNMP, software deployment, and remote inventory management for VMWare ESX hosts. An improper access control vulnerability was identified in versions prior to 1.5.0, which could potentially allow unauthorized access to sensitive functionalities. This issue has been addressed in version 1.5.0, which enhances security measures to protect users from unauthorized data access.
Affected Version(s)
glpi-inventory-plugin < 1.5.0