CVE-2025-24799 & CVE-2025-24801

The vulnerabilities identified as CVE-2025-24799 and CVE-2025-24801 affect GLPI, an open-source IT asset management tool. They allow an unauthenticated attacker to perform SQL injection, which can potentially lead to remote code execution (RCE).

Technical Details:

The root cause of these vulnerabilities is insufficient validation of SQL queries within the handleAgent function located in /src/Agent.php. This function serves inventory operations and can be reached without prior authentication. An attacker can send specially crafted HTTP requests to inject SQL commands, which can lead to unauthorized access to sensitive data, privilege escalation and, in some cases, remote code execution.

Affected Versions:

The vulnerabilities have been confirmed in GLPI version 10.0.17; earlier versions may also be affected. Systems exposed to the internet without adequate database security measures are particularly at risk.

Recommendations:

Updating GLPI to version 10.0.18, which includes important security fixes, is strongly recommended. If updating immediately is not possible, it is advisable to disable GLPI’s native inventory feature and restrict external access to the application by limiting connections to trusted networks. Additionally, strengthening database permissions and ensuring GLPI is running with the minimum necessary privileges can mitigate the impact of a potential exploitation.
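A defender-side triage script for web-server access logs, added here as an example and not part of this advisory or of GLPI itself: it flags inventory-endpoint requests that arrive from outside the trusted networks recommended above, and requests whose target carries SQL metacharacters. The inventory path `/front/inventory.php`, the trusted ranges and the log lines are all assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumed path of GLPI's native inventory endpoint (the advisory names the
# handler in /src/Agent.php, not the URL); adjust to your deployment.
INVENTORY_PATH = "/front/inventory.php"

# Networks from which inventory agents are expected to report (constructed).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]

# Generic SQL metacharacter heuristic, applied to the URL-decoded target.
SQLI_HINT = re.compile(r"'|--|/\*|\bunion\b|\bsleep\s*\(", re.IGNORECASE)

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def triage(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    target = unquote(m.group("target"))
    if target.split("?", 1)[0] != INVENTORY_PATH:
        return []                      # only the inventory endpoint is in scope
    findings = []
    src = ipaddress.ip_address(m.group("ip"))
    if not any(src in net for net in TRUSTED_NETWORKS):
        findings.append("inventory request from untrusted network")
    if SQLI_HINT.search(target):
        findings.append("SQL metacharacters in inventory request")
    return findings

def scan(lines):
    """Map the index of every flagged line to its findings."""
    return {i: f for i, line in enumerate(lines) if (f := triage(line))}

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [13/Mar/2025:10:00:00 +0000] "POST /front/inventory.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Mar/2025:10:00:05 +0000] "POST /front/inventory.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Mar/2025:10:00:07 +0000] "GET /front/inventory.php?agent=x%27%20-- HTTP/1.1" 500 88',
    '10.1.2.3 - - [13/Mar/2025:10:00:09 +0000] "GET /front/central.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for i, findings in scan(SAMPLE_LOG).items():
        print(i, findings)
```

Access logs do not record POST bodies, so the metacharacter check only covers the request target; the untrusted-network rule is the one that catches inventory traffic that should not exist at all.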

Added ONYPHE detection

This detection was added on March 13, 2025 in our engine.
