CVE-2025-53113
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-08-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glpi-project | glpi | From 0.65 (inc) to 10.0.19 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GLPI versions 0.65 through 10.0.18 allows a technician to use the external links feature to access information on items they are not authorized to see. It is an unauthorized information disclosure issue fixed in version 10.0.19.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of information, allowing technicians to view data they should not have access to. This could result in exposure of sensitive or confidential information within the IT management system.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade GLPI to version 10.0.19 or later, where the issue has been fixed.