CVE-2025-54780
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-08-05
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glpi | glpi-screenshot-plugin | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54780 is a Local File Inclusion (LFI) vulnerability in glpi-screenshot-plugin versions before 2.0.2. It allows an authenticated user to exploit the /ajax/screenshot.php endpoint to leak arbitrary files from the system or use PHP wrappers by manipulating file paths. This happens because user input improperly controls file paths used in filesystem operations, which is classified under CWE-73. The vulnerability is easy to exploit remotely, with low privileges and no user interaction required. [1]
How can this vulnerability impact me?
This vulnerability can lead to significant data disclosure by allowing an authenticated user to access arbitrary files on the system, potentially exposing sensitive information. Although it does not affect data integrity or availability, the confidentiality impact is high, meaning attackers can leak confidential files, which could compromise system security or privacy. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can check if your glpi-screenshot-plugin version is below 2.0.2 and test the /ajax/screenshot.php endpoint for unauthorized file access by an authenticated user. For example, you can use curl commands to attempt to access sensitive files via this endpoint, such as:

```bash
curl -b cookies.txt "http://your-glpi-instance/ajax/screenshot.php?file=../../../../etc/passwd"
```

This command assumes you have authenticated and saved session cookies in cookies.txt. If the file contents are returned, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the glpi-screenshot-plugin to version 2.0.2 or later where the vulnerability is fixed. If upgrading is not immediately possible, restrict access to the /ajax/screenshot.php endpoint to trusted users only, and monitor for suspicious activity involving this endpoint. Additionally, ensure that only authenticated users with proper privileges can access this functionality. [1]
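
One way to do the endpoint monitoring mentioned in the detection and mitigation answers above, as an added example that is not code from the advisory or the plugin project: a Python scan of web access logs for requests to /ajax/screenshot.php whose query values, after repeated URL-decoding, contain a directory traversal segment or a stream-wrapper scheme. The combined log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT_SUFFIX = "/ajax/screenshot.php"  # endpoint named in the text above
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')       # a ".." path segment
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)   # scheme such as php://

def normalize(value, rounds=3):
    """Undo repeated URL-encoding (bounded), so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the reasons a query value looks like an attempt to control the path."""
    value = normalize(value).strip()
    checks = (("traversal", TRAVERSAL_RE.search), ("wrapper", WRAPPER_RE.match))
    return [name for name, check in checks if check(value)]

def scan(lines):
    """Return (client_ip, http_status, parameter, reasons) per suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(ENDPOINT_SUFFIX):
            continue  # only the affected endpoint is of interest here
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = classify(value)
            if reasons:
                findings.append((m["ip"], int(m["status"]), name, reasons))
    return findings

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Aug/2025:10:00:01 +0000] "GET /ajax/screenshot.php?file=capture_42.png HTTP/1.1" 200 5120 "-" "sample"',
    '203.0.113.25 - - [05/Aug/2025:10:02:13 +0000] "GET /ajax/screenshot.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1873 "-" "sample"',
    '203.0.113.25 - - [05/Aug/2025:10:02:40 +0000] "GET /ajax/screenshot.php?file=%252e%252e%252f%252e%252e%252fconstructed.txt HTTP/1.1" 403 0 "-" "sample"',
    '203.0.113.31 - - [05/Aug/2025:10:05:09 +0000] "GET /ajax/screenshot.php?file=php%3A%2F%2Fconstructed-sample HTTP/1.1" 200 96 "-" "sample"',
    '203.0.113.40 - - [05/Aug/2025:10:06:00 +0000] "GET /front/other.php?x=..%2F HTTP/1.1" 200 10 "-" "sample"',
]
```

Calling `scan()` on your own log lines returns one tuple per flagged parameter; a flagged request that was answered with status 200 is the one to review first for file disclosure.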