GLPI
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*
- 10.0.17
A vulnerability exists in GLPI versions prior to 10.0.18, allowing low-privileged users to enable debug mode and access sensitive information. This issue arises because the 'install/update.php' file remains accessible after installation, creating a potential security risk. Exploiting this vulnerability can lead to unauthorized access and system compromise.
Enabling debug mode can expose sensitive information, potentially leading to unauthorized actions or system compromise.
To check whether an installation is affected, verify whether it runs a GLPI version prior to 10.0.18, then check for the presence of the 'install/update.php' file, which should not be accessible after installation. If this file is found, the system is vulnerable to CVE-2025-25192.
Users can upgrade to GLPI version 10.0.18, which addresses this vulnerability. Alternatively, the 'install/update.php' file can be deleted to mitigate the issue.
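The two checks above can be run locally on the server, as in the following added example (not GLPI project code). It assumes the operator supplies the GLPI root directory and the installed version string, and it tests only whether the file is present on disk, not whether the web server blocks requests to it.

```shell
#!/bin/sh
# Added example: local audit for the CVE-2025-25192 conditions described above.
# Usage (arguments are supplied by the operator): audit.sh <glpi-root> <installed-version>

FIXED_VERSION="10.0.18"   # first fixed release, per the advisory text

# version_lt A B: succeeds when A is strictly older than B.
# Uses version sort (GNU coreutils / busybox 'sort -V') so that 10.0.9 < 10.0.18;
# a plain string comparison would order those two the wrong way round.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_glpi ROOT VERSION: prints exactly one of
#   patched     version is 10.0.18 or later
#   vulnerable  older version and install/update.php is still on disk
#   mitigated   older version, but install/update.php has been removed
audit_glpi() (
    root=$1
    version=$2
    if ! version_lt "$version" "$FIXED_VERSION"; then
        echo "patched"
        return 0
    fi
    if [ -e "$root/install/update.php" ]; then
        echo "vulnerable"
    else
        echo "mitigated"
    fi
)

# Command-line entry point: exit status 1 only when the install is vulnerable.
if [ "$#" -eq 2 ]; then
    status=$(audit_glpi "$1" "$2")
    echo "$1 (GLPI $2): $status"
    [ "$status" = "vulnerable" ] && exit 1
    exit 0
fi
```

A result of "mitigated" still calls for the upgrade to 10.0.18, since the file removal is described only as an alternative.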