CVE-2025-25192

6.5 MEDIUM

📋 TL;DR

CVE-2025-25192 allows low-privileged users in GLPI to enable debug mode, potentially exposing sensitive system information. This affects GLPI installations before version 10.0.18. The vulnerability could reveal configuration details, database credentials, or other sensitive data.

💻 Affected Systems

Products:
  • GLPI
Versions: All versions prior to 10.0.18
Operating Systems: All platforms running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all GLPI installations with low-privileged user accounts enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to sensitive configuration data, database credentials, or other critical system information leading to full system compromise.

🟠 Likely Case

Unauthorized users access debug information containing system details, configuration parameters, or partial sensitive data.

🟢 If Mitigated

Limited information disclosure with no critical credentials exposed due to proper access controls and monitoring.

🌐 Internet-Facing: HIGH - Internet-facing GLPI instances are directly accessible to attackers who can exploit this vulnerability.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to gather sensitive system information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged user access. Exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.18

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-86cx-hcfc-8mm8

Restart Required: No

Instructions:

1. Backup your GLPI installation and database.
2. Download GLPI 10.0.18 from official sources.
3. Follow the GLPI upgrade documentation to update to version 10.0.18.
4. Verify the update was successful.

🔧 Temporary Workarounds

Remove vulnerable file (Linux)

Delete the install/update.php file to prevent exploitation:

rm /path/to/glpi/install/update.php

Restrict file permissions (Linux)

Set restrictive permissions on install/update.php:

chmod 000 /path/to/glpi/install/update.php

🧯 If You Can't Patch

  • Implement strict access controls and monitor low-privileged user activities
  • Regularly audit and review user permissions and access patterns

🔍 How to Verify

Check if Vulnerable:

Check GLPI version in administration panel or via version file. Versions below 10.0.18 are vulnerable.

Check Version:

grep 'GLPI_VERSION' /path/to/glpi/inc/define.php

Verify Fix Applied:

Verify GLPI version is 10.0.18 or higher in administration panel. Check that install/update.php is either patched or removed.
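A small POSIX shell check, added here as an example and not part of this advisory or of GLPI itself, that combines the two verification steps above: it reads GLPI_VERSION out of inc/define.php (assuming the `define('GLPI_VERSION', '...')` form used there), compares it numerically against 10.0.18, and reports whether install/update.php is still reachable. The GLPI_ROOT default path is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory or the GLPI project).
# Assumes inc/define.php holds a line like: define('GLPI_VERSION', '10.0.17');
# Run as the web server user, not root: root ignores mode 000, so the chmod
# workaround would wrongly show as "vulnerable" when checked as root.

FIXED_VERSION="10.0.18"

# Print the GLPI_VERSION string found in the given define.php.
glpi_version_from_file() {
    sed -n "s/.*define('GLPI_VERSION', *'\([^']*\)').*/\1/p" "$1" | head -n 1
}

# Succeed (return 0) when $1 is strictly lower than $2, comparing the first
# three dot-separated numeric fields; pre-release suffixes (-beta1) are ignored.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[-+].*//')
    b=$(printf '%s' "$2" | sed 's/[-+].*//')
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# Print one word for the GLPI root in $1:
#   vulnerable - version < 10.0.18 and install/update.php is still readable
#   workaround - version < 10.0.18 but the file is gone or unreadable
#   patched    - version >= 10.0.18
#   unknown    - inc/define.php missing or no GLPI_VERSION found
glpi_status() {
    root="$1"
    [ -f "$root/inc/define.php" ] || { echo "unknown"; return 0; }
    ver=$(glpi_version_from_file "$root/inc/define.php")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        if [ -r "$root/install/update.php" ]; then echo "vulnerable"; else echo "workaround"; fi
    else
        echo "patched"
    fi
}

# Usage: GLPI_ROOT=/path/to/glpi sh check-glpi.sh   (default path is assumed)
glpi_status "${GLPI_ROOT:-/var/www/glpi}"
```

Remember that removing install/update.php only blocks the web path; restore it (or upgrade to 10.0.18) before running the next GLPI update.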

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to install/update.php
  • Debug mode activation by non-admin users
  • Unusual file access patterns in GLPI logs

Network Indicators:

  • HTTP requests to /glpi/install/update.php from low-privileged accounts

SIEM Query:

source="glpi_logs" AND (uri="/install/update.php" OR message="debug mode") AND user_role="low_privileged"
