CVE-2025-21619 – This SQL injection vulnerability in GLPI allows... (How to Fix)

Q: What is the severity of CVE-2025-21619?

CVE-2025-21619 has a CVSS score of 9.8 (CRITICAL). This SQL injection vulnerability in GLPI allows administrator users to execute arbitrary SQL commands through rules configuration forms. Attackers with admin access can potentially read, modify, or delete database content. Only GLPI instances with administrator accounts are affected.

📋 TL;DR

This SQL injection vulnerability in GLPI allows administrator users to execute arbitrary SQL commands through rules configuration forms. Attackers with admin access can potentially read, modify, or delete database content. Only GLPI instances with administrator accounts are affected.

💻 Affected Systems

Products:

GLPI

Versions: Versions before 10.0.18

Operating Systems: All platforms running GLPI

Default Config Vulnerable: ⚠️ Yes

Notes: Requires administrator-level access to exploit. All GLPI installations with admin users are vulnerable.

📦 What is this software?

Glpi by Glpi Project

View all CVEs affecting Glpi →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, or remote code execution via database functions.

🟠

Likely Case

Administrator account compromise leading to sensitive data exposure, privilege escalation, or system takeover.

🟢

If Mitigated

Limited impact if proper access controls restrict admin privileges and network segmentation is in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires administrator credentials. SQL injection through web interface forms.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.18

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-pcmc-xv3g-hjxv

Restart Required: No

Instructions:

1. Backup your GLPI database and files. 2. Download GLPI 10.0.18 or newer from official sources. 3. Follow GLPI upgrade documentation. 4. Verify upgrade completed successfully.

🔧 Temporary Workarounds

Restrict Administrator Access

all

Limit administrator accounts to only trusted personnel and implement strong authentication controls.

Network Segmentation

all

Place GLPI instance behind firewall with restricted access to admin interface.

🧯 If You Can't Patch

Implement strict access controls for administrator accounts with multi-factor authentication.
Deploy web application firewall with SQL injection protection rules.

🔍 How to Verify

Check if Vulnerable:

Check GLPI version via web interface or by examining the GLPI installation files.

Check Version:

Check GLPI web interface footer or examine inc/define.php file for version constant.

Verify Fix Applied:

Confirm GLPI version is 10.0.18 or newer via web interface or version file.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts to admin accounts
Unexpected configuration changes in rules forms

Network Indicators:

Unusual database connection patterns
SQL error messages in HTTP responses

SIEM Query:

Search for SQL keywords in POST requests to GLPI rules configuration endpoints.

📊 Metadata

CVE ID: CVE-2025-21619

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.26% exploit probability (48.7th percentile)

Published: March 18, 2025

Last Updated: July 31, 2025

🔗 References

https://github.com/glpi-project/glpi/security/advisories/GHSA-pcmc-xv3g-hjxv Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21619, you might also want to check these: