CVE-2025-53105
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glpi | glpi | 10.0.19 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GLPI versions 10.0.0 to before 10.0.19 allows a connected user without administrative rights to change the execution order of rules within the application. By exploiting this flaw, an attacker can alter the sequence in which rules are processed, potentially leading to unauthorized actions or bypassing security controls. The issue has been fixed in version 10.0.19. [1, 2]
How can this vulnerability impact me?
The vulnerability can have a high impact on the confidentiality, integrity, and availability of the system. By changing the execution order of rules, unauthorized users can significantly compromise data confidentiality, undermine data integrity, and affect system availability. This could lead to unauthorized actions or the bypassing of security controls within GLPI. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the GLPI software to version 10.0.19, which contains the security fix addressing this issue. This update prevents unauthorized users without administrative privileges from changing the execution order of rules within the system. [1, 2]