VYPR
Unrated severity · OSV Advisory · Published Dec 16, 2025 · Updated Dec 17, 2025

GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

CVE-2025-64520

Description

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

Affected products

2
  • Glpi Project/Glpi (OSV, 2 versions)
    0.90, 0.90-RC1, 0.90-RC2, …+ 1 more
    • (no CPE) range: 0.90, 0.90-RC1, 0.90-RC2, …
    • (no CPE) range: >=9.1.0, <10.0.21

References

2
