Impact
GLPI, a widely used asset and IT management platform, has a flaw that allows a user who authenticates remotely through SSO variables to take over an existing session belonging to another user on the same machine. This session theft lets the attacker access GLPI resources with the privileges of the hijacked user, leading to unauthorized data disclosure and potential manipulation of system settings. The weakness stems from improper handling of session identifiers during SSO authentication and is classified as session fixation (CWE-384).
Affected Systems
Vulnerable GLPI installations include every release from version 0.71 up to, but not including, 10.0.23, and every 11.x release before 11.0.5. The issue was addressed in GLPI 10.0.23 and 11.0.5 and later, as indicated by the release notes and official advisories. Systems running older versions, especially those that rely on external SSO authentication, remain at risk until the patch is applied.
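To turn the two affected ranges above into a quick inventory check, here is an added example (not GLPI project code) that classifies a GLPI version string against the fixed releases named in this advisory; the `GLPI_VERSION` define in `inc/define.php` is assumed to be where an installed copy records its version, and the sample file contents below are constructed.

```python
import re
from typing import Optional, Tuple

# Boundaries taken from the advisory text: affected from 0.71,
# fixed in 10.0.23 on the 10.x branch and 11.0.5 on the 11.x branch.
FIRST_AFFECTED = (0, 71, 0)
FIXED_10 = (10, 0, 23)
FIXED_11 = (11, 0, 5)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '10.0.22', '0.71' or '11.0.4-dev' into a comparable 3-tuple.

    Missing components default to 0; pre-release suffixes are ignored,
    so '10.0.23-rc1' compares as 10.0.23 (treat such builds with care).
    """
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GLPI version: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the version falls inside either vulnerable range."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    if v[0] < 11:          # 0.71 .. 10.x branch, fixed in 10.0.23
        return v < FIXED_10
    if v[0] == 11:         # 11.x branch, fixed in 11.0.5
        return v < FIXED_11
    return False           # later major branches are not named as affected


def version_from_define(php_source: str) -> Optional[str]:
    """Extract GLPI_VERSION from the contents of inc/define.php (assumed layout)."""
    m = re.search(r"define\(\s*'GLPI_VERSION'\s*,\s*'([^']+)'\s*\)", php_source)
    return m.group(1) if m else None


# Constructed stand-in for an installed inc/define.php.
SAMPLE_DEFINE_PHP = "<?php\ndefine('GLPI_VERSION', '10.0.22');\n"

if __name__ == "__main__":
    found = version_from_define(SAMPLE_DEFINE_PHP)
    print(found, "affected" if found and is_affected(found) else "not affected")
```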
Risk and Exploitability
The CVSS score of 4.3 rates this vulnerability as moderate, and the EPSS score is below 1%, suggesting a currently low likelihood of exploitation. Because the flaw requires SSO authentication and access to the same machine, it is more likely to be exploited by users with local or shared workstation access than by purely remote attackers. The vulnerability is not included in the CISA KEV catalog, indicating no known large-scale active exploitation at this time, but patching should remain a priority to mitigate the risk.
OpenCVE Enrichment