CVE-2025-52897

6.5 MEDIUM

📋 TL;DR

GLPI versions 9.1.0 through 10.0.18 contain a vulnerability in the planning feature that allows unauthenticated attackers to craft malicious links for phishing attacks. This affects all GLPI instances running vulnerable versions, potentially exposing users to credential theft or malware installation.

💻 Affected Systems

Products:
  • GLPI
Versions: 9.1.0 through 10.0.18
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All GLPI installations with planning feature enabled are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users click malicious links leading to credential harvesting, malware installation, or further compromise of internal systems through social engineering.

🟠 Likely Case

Phishing campaigns targeting GLPI users to steal credentials or deliver malware via seemingly legitimate planning links.

🟢 If Mitigated

Users trained to recognize phishing attempts prevent successful exploitation despite vulnerable software.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (the victim must click the link), but crafting the malicious URL itself is trivial for an attacker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.19

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-6whm-q2rp-prqm

Restart Required: No

Instructions:

1. Back up the GLPI database and files.
2. Download GLPI 10.0.19 or later.
3. Follow the official upgrade documentation.
4. Verify planning feature functionality post-upgrade.

🔧 Temporary Workarounds

Disable Planning Feature (applies to: all versions)

Temporarily disable the planning feature to prevent exploitation.

UPDATE glpi_configs SET value = '0' WHERE name = 'use_planning';

🧯 If You Can't Patch

  • Implement web application firewall rules to block suspicious planning URLs
  • Deploy email security controls to filter phishing attempts targeting GLPI users

🔍 How to Verify

Check if Vulnerable:

Check the GLPI version in Administration > General > Information. If the version is between 9.1.0 and 10.0.18 inclusive, the system is vulnerable.

Check Version:

SELECT value FROM glpi_configs WHERE name = 'version';

Verify Fix Applied:

Confirm version is 10.0.19 or later and test planning feature with legitimate URLs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual planning URL patterns in GLPI logs
  • Multiple failed authentication attempts following planning link access

Network Indicators:

  • Outbound connections to suspicious domains after planning feature access

SIEM Query:

source="glpi" AND url="*planning*" AND (url="*http://*" OR url="*https://*")

🔗 References