AI description
CVE-2025-24801 affects GLPI, a free IT asset management software package. The vulnerability allows an authenticated user to upload and force the execution of *.php files located on the GLPI server. This issue has been addressed and fixed in GLPI version 10.0.18. An additional vulnerability with the ID of CVE-2025-24801 has been identified in GLPI version 10.0.17 and prior. This vulnerability is related to command injection, potentially allowing a remote attacker to execute arbitrary commands on the affected system.
- Description: GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.
- Source: security-advisories@github.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 8.5
- Impact score: 6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-434
- Hype score: Not currently trending
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/gE4mssFLWD
@_r_netsec
20 Mar 2025
859 Impressions
4 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
[CVE-2025-24801: HIGH] GLPI, a free asset and IT management software, had a serious cyber security vulnerability allowing authenticated users to upload and execute PHP files. Ensure you're using version 10.0.18 f...#cybersecurity,#vulnerability https://t.co/J1Ofl1zMGs https://t.c
@CveFindCom
18 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24801 GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vuln… https://t.co/2HfA8ZdS6w
@CVEnew
18 Mar 2025
325 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GLPI, an open-source IT service management software suite, has released version 10.0.18, addressing two critical vulnerabilities found by our experts: an SQL injection (CVE-2025-24799) and a remote code execution (CVE-2025-24801). Check out our blog post: https://t.co/INba9ohWNL.
@ambionics
18 Mar 2025
3933 Impressions
17 Retweets
54 Likes
23 Bookmarks
1 Reply
1 Quote
GLPI: 680 instances in France exposed to two critical vulnerabilities. 2 vulnerabilities allowing unauthenticated remote code execution: CVE-2025-24799 and CVE-2025-24801 👉 Read on it-connect: https://t.co/1p0sZdvdEw https://t.co/LpeLkQOtnv
@bearstech
18 Mar 2025
1944 Impressions
7 Retweets
13 Likes
3 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/oyxIqUubGE
@tbbhunter
13 Mar 2025
973 Impressions
4 Retweets
8 Likes
6 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/oTOMUNWfFW
@Dinosn
12 Mar 2025
132 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/UqjMHztzRV https://t.co/QPtyVglnMP
@secharvesterx
12 Mar 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/gE4mssFLWD
@_r_netsec
12 Mar 2025
862 Impressions
5 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes