CVE-2025-53105
📋 TL;DR
In GLPI versions 10.0.0 through 10.0.18, authenticated non-admin users can manipulate business rule execution order, potentially altering system behavior. This affects all GLPI installations within the vulnerable version range where users have standard authenticated access.
💻 Affected Systems
- GLPI (Gestionnaire Libre de Parc Informatique)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could reorder critical business rules to bypass security controls, manipulate data flows, or disrupt IT service management operations.
Likely Case
Privilege escalation or unauthorized modification of business logic affecting asset management, ticket routing, or approval workflows.
If Mitigated
Limited impact if proper access controls and rule validation are implemented alongside network segmentation.
🎯 Exploit Status
Requires authenticated user access but no administrative privileges. Exploitation is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.0.19
Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wc
Restart Required: No
Instructions:
1. Back up your GLPI database and files.
2. Download GLPI 10.0.19 from the official repository.
3. Follow the standard GLPI upgrade procedure.
4. Verify upgrade completion and test functionality.
🔧 Temporary Workarounds
Restrict User Access
Temporarily limit non-essential user accounts to reduce the attack surface
Enhanced Monitoring
Implement strict monitoring of business rule modifications and user activities
🧯 If You Can't Patch
- Implement strict access controls and review all user permissions
- Deploy network segmentation to isolate GLPI instance from critical systems
🔍 How to Verify
Check if Vulnerable:
Check the GLPI version in Administration > General > Information. If the version is between 10.0.0 and 10.0.18 inclusive, the system is vulnerable.
Check Version:
Check the GLPI web interface, or examine glpi/config/config_db.php for version information.
Verify Fix Applied:
After upgrade, confirm version shows 10.0.19 or higher in Administration > General > Information.
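The version boundaries above (10.0.0 through 10.0.18 vulnerable, 10.0.19 fixed) are easy to get wrong when compared as strings ("10.0.9" sorts after "10.0.18"). The following added example, which is not part of this advisory or of the GLPI project, compares versions as numeric tuples and flags pre-release builds of the fixed version as unverified rather than fixed. The `GLPI_VERSION` define name used by `extract_define_version` is an assumption about how an install records its version and should be confirmed against your own tree.

```python
import re

# Version boundaries as stated in the advisory for CVE-2025-53105.
VULNERABLE_MIN = (10, 0, 0)
VULNERABLE_MAX = (10, 0, 18)
FIXED_VERSION = (10, 0, 19)

# Accepts '10.0.18', 'v10.0.19', '10.0.19-rc1', '10.0.18.1' and similar.
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)\.(\d+)(?P<suffix>[-+.][0-9A-Za-z.-]*)?\s*$"
)


def parse_version(text):
    """Turn a version string into ((major, minor, patch), suffix).

    Raises ValueError for strings that do not look like a dotted version.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    return core, (m.group("suffix") or "")


def classify(text):
    """Return 'vulnerable', 'fixed', 'unverified_prerelease' or 'out_of_range'.

    Comparison is done on numeric tuples, so 10.0.9 correctly sorts before 10.0.18.
    """
    core, suffix = parse_version(text)
    if VULNERABLE_MIN <= core <= VULNERABLE_MAX:
        return "vulnerable"
    if core >= FIXED_VERSION:
        # A pre-release build of the fixed version (e.g. '10.0.19-rc1') may
        # predate the fix, so do not report it as fixed without checking.
        return "unverified_prerelease" if suffix else "fixed"
    return "out_of_range"


def extract_define_version(php_source):
    """Pull the version out of a PHP define such as define('GLPI_VERSION', '10.0.18');

    Assumption: the install records its version in a GLPI_VERSION constant.
    Returns None when no such define is present.
    """
    m = re.search(
        r"""define\(\s*['"]GLPI_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)""",
        php_source,
    )
    return m.group(1) if m else None


if __name__ == "__main__":
    for sample in ("10.0.9", "10.0.18", "10.0.19", "v10.0.19-rc1", "9.5.12"):
        print(f"{sample:>14}: {classify(sample)}")
```

Run it against the version shown in Administration > General > Information; anything classified `vulnerable` should be scheduled for the 10.0.19 upgrade, and `unverified_prerelease` should be confirmed with the vendor advisory before being treated as fixed.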
📡 Detection & Monitoring
Log Indicators:
- Unusual business rule modification events
- Multiple rule order changes from non-admin users
- Unexpected workflow behavior
Network Indicators:
- Unusual API calls to rule management endpoints from non-admin accounts
SIEM Query:
source="glpi" AND (event_type="rule_modification" OR event_type="business_rule_change") AND user_role!="admin"
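The SIEM query above, and the "multiple rule order changes from non-admin users" indicator, can be exercised offline before they are deployed. The following added example (not part of this advisory, and not GLPI code) reads a handful of constructed JSON-lines audit events, applies the same three conditions as the query (`source`, `event_type`, `user_role`), and then counts matching events per user so that repeated changes from one non-admin account surface as a single alert. The event field names and the sample events are constructed for illustration; map them onto whatever schema your log pipeline actually emits for GLPI.

```python
import json
from collections import Counter

# Constructed sample audit events in JSON-lines form; these are not real GLPI log output.
SAMPLE_EVENTS = """
{"ts": "2025-07-01T10:00:01Z", "source": "glpi", "event_type": "login", "user": "alice", "user_role": "user"}
{"ts": "2025-07-01T10:02:13Z", "source": "glpi", "event_type": "rule_modification", "user": "alice", "user_role": "user", "detail": "ranking changed"}
{"ts": "2025-07-01T10:02:20Z", "source": "glpi", "event_type": "rule_modification", "user": "alice", "user_role": "user", "detail": "ranking changed"}
{"ts": "2025-07-01T10:02:31Z", "source": "glpi", "event_type": "business_rule_change", "user": "alice", "user_role": "user", "detail": "ranking changed"}
{"ts": "2025-07-01T10:05:00Z", "source": "glpi", "event_type": "rule_modification", "user": "root", "user_role": "admin", "detail": "ranking changed"}
{"ts": "2025-07-01T10:06:00Z", "source": "glpi", "event_type": "ticket_update", "user": "bob", "user_role": "user"}
{"ts": "2025-07-01T10:07:00Z", "source": "other_app", "event_type": "rule_modification", "user": "carol", "user_role": "user"}
"""

# The two event types named in the advisory's SIEM query.
RULE_EVENT_TYPES = {"rule_modification", "business_rule_change"}


def parse_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def matches_siem_query(event):
    """Mirror the advisory's query:
    source="glpi" AND event_type IN (rule_modification, business_rule_change) AND user_role!="admin"
    """
    return (
        event.get("source") == "glpi"
        and event.get("event_type") in RULE_EVENT_TYPES
        and event.get("user_role") != "admin"
    )


def find_suspicious(events, threshold=2):
    """Return {user: count} for non-admin users with at least `threshold` rule changes.

    Counting per user turns a burst of individual hits into one actionable alert,
    which is the "multiple rule order changes from non-admin users" indicator.
    """
    counts = Counter(e["user"] for e in events if matches_siem_query(e))
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for e in events:
        if matches_siem_query(e):
            print("HIT ", e["ts"], e["user"], e["event_type"])
    print("suspicious users:", find_suspicious(events))
```

On the sample data only `alice` is reported: the admin change by `root` is filtered out by the role condition, `carol`'s event is excluded because it did not come from `glpi`, and `bob`'s ticket update is not a rule event. Tune `threshold` to the normal rate of rule edits in your environment before turning this into an alert.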