Unrated severityOSV Advisory· Published Dec 16, 2025· Updated Dec 17, 2025
GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API
CVE-2025-64520
Description
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20.90, 0.90-RC1, 0.90-RC2, …+ 1 more
- (no CPE)range: 0.90, 0.90-RC1, 0.90-RC2, …
- (no CPE)range: >=9.1.0, <10.0.21
Patches
Vulnerability mechanics
References
2- github.com/glpi-project/glpi/commit/a3d5cc4a63ae592c0b5592ebe6d562164904dab3mitrex_refsource_MISC
- github.com/glpi-project/glpi/security/advisories/GHSA-62p9-prpq-j62qmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.