High severity7.5NVD Advisory· Published Nov 4, 2025· Updated Apr 15, 2026

CVE-2025-32786

Description

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.

Affected products

Glpi Project/Glpi Inventory Pluginreferences

Patches

c07a93a5f7d4

https://github.com/glpi-project/glpi-inventory-pluginvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/glpi-project/glpi-inventory-plugin/blob/1.5.1/CHANGELOG.mdnvd
github.com/glpi-project/glpi-inventory-plugin/releases/tag/1.5.1nvd
github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-w2cp-r675-6xpqnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000