High severity7.5OSV Advisory· Published Aug 27, 2025· Updated Apr 15, 2026

CVE-2025-53105

Description

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.

Affected products

Glpi Project/GlpiOSV
Range: 10.0.0, 10.0.1, 10.0.10, …

Patches

cacbc037d59a

https://github.com/glpi-project/glpivia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/glpi-project/glpi/releases/tag/10.0.19nvd
github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wcnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000