VYPR
Unrated severityNVD Advisory· Published Feb 25, 2025· Updated Feb 25, 2025

GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint

CVE-2025-21626

Description

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.php file, restrict its access, or remove any sensitive values from the name field of the active LDAP directories, mail servers authentication providers and mail receivers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    >=0.71, <10.0.18+ 1 more
    • (no CPE)range: >=0.71, <10.0.18
    • (no CPE)range: >= 0.71, < 10.0.18

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.