CVE-2025-53105
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-27

Last updated on: 2025-08-29

Assigner: GitHub, Inc.

Description
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-27
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-53105
EUVD
EUVD-2025-25895
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
glpi glpi 10.0.19
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in GLPI versions 10.0.0 to before 10.0.19 allows a connected user without administrative rights to change the execution order of rules within the application. By exploiting this flaw, an attacker can alter the sequence in which rules are processed, potentially leading to unauthorized actions or bypassing security controls. The issue has been fixed in version 10.0.19. [1, 2]

Impact Analysis

The vulnerability can have a high impact on confidentiality, integrity, and availability of the system. Unauthorized users can significantly compromise data confidentiality, modify data integrity, and affect system availability by changing the execution order of rules. This could lead to unauthorized actions or bypassing security controls within GLPI. [1, 2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the GLPI software to version 10.0.19, which contains the security fix addressing this issue. This update prevents unauthorized users without administrative privileges from changing the execution order of rules within the system. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart