GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions from 10.0.0 up to, but not including, 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 27 Aug 2025 22:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Glpi-project; Glpi-project glpi |
| Vendors & Products | | Glpi-project; Glpi-project glpi |

Wed, 27 Aug 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 27 Aug 2025 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions from 10.0.0 up to, but not including, 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19. |
| Title | | GLPI permits unauthorized rules execution order |
| Weaknesses | | CWE-269 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-27T14:53:44.518Z

Reserved: 2025-06-25T13:41:23.086Z

Link: CVE-2025-53105

Vulnrichment

Updated: 2025-08-27T14:53:36.946Z

NVD

Status: Awaiting Analysis

Published: 2025-08-27T15:15:39.897

Modified: 2025-08-29T16:24:09.860

Link: CVE-2025-53105

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-27T21:57:31Z