CVE Daily

CVE-2025-52897

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 throu...

Medium CVSS 6.5

Overview

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.

CWE: CWE-80 Published: 2025-07-30T14:15:28.377
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.5 (MEDIUM)
  • Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags