Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2025-52567

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19.

Published: Jul 30, 2025
Updated: Aug 5, 2025
CVE: CVE-2025-52567
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
glpi-project / glpi	0.84	10.0.19

https://github.com/glpi-project/glpi/security/advisories/GHSA-5mp6-mgmh-vrq7

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo