CVE-2025-53112

4.3 MEDIUM

📋 TL;DR

CVE-2025-53112 is an improper access control vulnerability in GLPI that allows users who lack the required rights to delete specific resources. It affects GLPI installations running versions 9.1.0 through 10.0.18. An attacker can exploit it to remove important data without the permissions that deletion should require.

💻 Affected Systems

Products:
  • GLPI
Versions: 9.1.0 through 10.0.18
Operating Systems: All platforms running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: All GLPI installations in the affected version range are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical IT asset management data could be permanently deleted, disrupting service desk operations and compliance tracking.

🟠 Likely Case

Unauthorized deletion of tickets, assets, or configuration items, causing data loss and operational disruption.

🟢 If Mitigated

Minimal impact if proper network segmentation and access controls prevent unauthorized access to the GLPI interface.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but bypasses permission checks for specific deletion actions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.19

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-rp7w-6343-3m2r

Restart Required: No

Instructions:

1. Backup your GLPI database and files
2. Download GLPI 10.0.19 or later from the official repository
3. Follow the GLPI upgrade documentation for your version
4. Verify the upgrade completed successfully

🔧 Temporary Workarounds

Restrict Access to GLPI Interface (applies to: all)

Limit network access to GLPI to only authorized users and networks

Implement Additional Authentication Controls (applies to: all)

Add multi-factor authentication or IP-based restrictions to GLPI login

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GLPI from untrusted networks
  • Enforce principle of least privilege for all GLPI user accounts and monitor for suspicious deletion activities

🔍 How to Verify

Check if Vulnerable:

Check GLPI version via the web interface (Setup > General > Information) or by examining the GLPI installation files

Check Version:

Check GLPI web interface or examine the inc/define.php file for version information

Verify Fix Applied:

Confirm version is 10.0.19 or later and test deletion permissions with non-admin accounts
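The version check described above, as an added helper script that is not part of this advisory or of GLPI itself: it reads the `GLPI_VERSION` constant that GLPI declares in `inc/define.php` and classifies the install against the affected range (9.1.0 through 10.0.18) and the fixed release (10.0.19). The sample file contents are constructed; pre-release tags are flagged for manual review rather than guessed at.

```python
"""Classify a GLPI install for CVE-2025-53112 from the GLPI_VERSION in inc/define.php."""
import re
import sys

AFFECTED_FROM = (9, 1, 0)   # first affected release per the advisory
FIXED_IN = (10, 0, 19)      # first fixed release

# GLPI declares its version as define('GLPI_VERSION', '10.0.18'); in inc/define.php
DEFINE_RE = re.compile(r"""define\(\s*['"]GLPI_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)""")
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def extract_version(define_php: str) -> str:
    """Pull the raw version string out of the contents of inc/define.php."""
    m = DEFINE_RE.search(define_php)
    if not m:
        raise ValueError("GLPI_VERSION not found in define.php")
    return m.group(1)


def classify(version: str) -> str:
    """Map a GLPI version string to 'vulnerable', 'fixed', 'not_affected' or 'review'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    tup = (int(major), int(minor), int(patch or 0))
    if suffix:
        # A dev/rc build such as '10.0.19-dev' may predate the fix: check it by hand
        return "review"
    if tup < AFFECTED_FROM:
        return "not_affected"
    if tup < FIXED_IN:
        return "vulnerable"
    return "fixed"


def check_install(define_php: str) -> tuple:
    """Return (version string, classification) for the given define.php contents."""
    ver = extract_version(define_php)
    return ver, classify(ver)


# Constructed sample of the relevant line; a real define.php contains many more defines
SAMPLE_DEFINE_PHP = "<?php\ndefine('GLPI_VERSION', '10.0.18');\n"

if __name__ == "__main__":
    # Usage on the server: python3 check_glpi.py /path/to/glpi/inc/define.php
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DEFINE_PHP
    ver, status = check_install(text)
    print(f"GLPI {ver}: {status}")
```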

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DELETE operations in GLPI logs
  • Deletion activities from non-administrative user accounts
  • Multiple rapid deletion requests

Network Indicators:

  • HTTP DELETE requests to GLPI API endpoints from unauthorized sources

SIEM Query:

source="glpi.log" AND (action="delete" OR method="DELETE") AND user!="admin"
