SQL Injection Vulnerability in GLPI Inventory Plugin Affects Multiple Versions
CVE-2025-32786

7.5HIGH

Key Information:

Vendor

GLPI Project
Status
Glpi-inventory-plugin
Vendor
CVE Published:
4 November 2025

What is CVE-2025-32786?

The GLPI Inventory Plugin, responsible for network discovery, software deployment, and data management for GLPI agents, is vulnerable to SQL Injection in versions 1.5.0 and earlier. This security flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Users are strongly encouraged to upgrade to version 1.5.1, where this vulnerability has been addressed, to ensure the protection of their systems.

Affected Version(s)

glpi-inventory-plugin < 1.5.1

References

https://github.com/glpi-project/glpi-inventory-plugin/sec...
x_refsource_CONFIRM
https://github.com/glpi-project/glpi-inventory-plugin/blo...
x_refsource_MISC
https://github.com/glpi-project/glpi-inventory-plugin/rel...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-32786 : SQL Injection Vulnerability in GLPI Inventory Plugin Affects Multiple Versions