CVE-2025-64516

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthorized users to access documents attached to any item in GLPI (tickets, assets, etc.). If the public FAQ feature is enabled, even anonymous users can exploit this flaw. All GLPI instances running versions before 10.0.21 or 11.0.3 are affected.

💻 Affected Systems

Products:
  • GLPI
Versions: All versions before 10.0.21 and all versions before 11.0.3
Operating Systems: All platforms running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: Public FAQ feature must be enabled for anonymous exploitation, but authenticated unauthorized users can exploit regardless of FAQ setting.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete exposure of all sensitive documents including confidential tickets, asset information, and internal documentation to anonymous internet users.

🟠

Likely Case

Unauthorized access to sensitive documents by authenticated users with limited permissions or anonymous users when public FAQ is enabled.

🟢

If Mitigated

Limited exposure if proper access controls and network segmentation are in place, but still violates data confidentiality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of document URLs or enumeration, but is straightforward once identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.21 or 11.0.3

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46

Restart Required: No

Instructions:

1. Back up your GLPI database and files.
2. Download GLPI 10.0.21 or 11.0.3 from the official releases.
3. Follow the standard GLPI upgrade procedure for your version.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Disable Public FAQ

Applies to: all

Disable the public FAQ feature to prevent anonymous exploitation.

Navigate to Setup > General > FAQ and disable 'Allow anonymous access to FAQ'.

Restrict Document Access via Web Server

Applies to: all

Configure the web server to restrict access to GLPI document directories.

Add appropriate .htaccess rules or nginx location blocks to restrict access to the /files/_documents/ directory.

🧯 If You Can't Patch

  • Disable public FAQ feature immediately
  • Implement network-level restrictions to limit GLPI access to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check GLPI version in Setup > General > Information. If version is below 10.0.21 (for 10.x) or below 11.0.3 (for 11.x), you are vulnerable.

Check Version:

Check version in GLPI web interface or examine GLPI_VERSION constant in inc/define.php

Verify Fix Applied:

After patching, attempt to access a document URL without proper authentication. Access should be denied.
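The version check above can be scripted so it runs the same way across many GLPI hosts. The following is an added example, not part of this advisory or of the GLPI project: it reads the GLPI_VERSION constant out of inc/define.php (the define() form shown in the sample below is assumed, and the sample file content is constructed) and compares the result against the fixed releases named above, per branch. Anything older than the 10.x branch is treated as affected, and a pre-release suffix such as -dev is conservatively treated as older than the numbered release it precedes.

```python
import re

# Fixed releases per branch, as stated in the advisory.
FIXED = {10: (10, 0, 21), 11: (11, 0, 3)}

# Constructed sample of the line this check looks for in inc/define.php.
SAMPLE_DEFINE_PHP = "<?php\ndefine('GLPI_VERSION', '10.0.20');\n"


def parse_version(version):
    """Turn '10.0.20' or '11.0.0-beta1' into a comparable tuple.

    The last element is 0 for a pre-release (any '-suffix') and 1 for a
    final release, so '10.0.21-dev' sorts below '10.0.21'.
    """
    core, sep, _suffix = version.partition("-")
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3]) + ((0,) if sep else (1,))


def is_vulnerable(version):
    """True when the version is below the fixed release for its branch."""
    v = parse_version(version)
    major = v[0]
    if major < 10:
        return True  # everything before 10.0.21 is affected
    if major in FIXED:
        return v < FIXED[major] + (1,)
    return False  # branches newer than those named by the advisory


def version_from_define(php_text):
    """Extract the GLPI_VERSION constant from the text of inc/define.php."""
    m = re.search(r"""define\(\s*['"]GLPI_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)""",
                  php_text)
    if not m:
        raise ValueError("GLPI_VERSION not found in define.php")
    return m.group(1)


def check_install(php_text):
    """Return (version, vulnerable) for one install's inc/define.php content."""
    version = version_from_define(php_text)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Hypothetical path; on a real host read /path/to/glpi/inc/define.php.
    version, vulnerable = check_install(SAMPLE_DEFINE_PHP)
    print(f"GLPI {version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```

Run it against the real file with `check_install(open('/var/www/glpi/inc/define.php').read())`; the web interface value under Setup > General > Information should agree with what the script reports.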

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /files/_documents/ paths
  • Multiple failed authentication attempts followed by document access

Network Indicators:

  • Unusual traffic patterns to document URLs from unauthenticated sources

SIEM Query:

source="glpi_access.log" AND (uri_path="/files/_documents/*" AND NOT user_agent="Authenticated User")
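The first log indicator above can be checked offline against a web server access log before a SIEM rule is written. The following is an added example, not part of this advisory: it parses lines in the common combined log format (the sample lines are constructed, with RFC 5737 documentation addresses) and groups every request whose path starts with /files/_documents/ by client address, with the HTTP status of each hit. A plain access log carries no session information, so this flags direct requests to the document store regardless of whether the client was logged in; the advisory's mention of "unauthenticated sources" would need a session-aware log, such as the application log, to confirm.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [ts] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

DOC_PREFIX = "/files/_documents/"

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2025:09:12:01 +0000] "GET /front/central.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2025:09:12:05 +0000] "GET /files/_documents/PDF/abcd1234.pdf HTTP/1.1" 200 88210 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2025:09:12:06 +0000] "GET /files/_documents/PDF/abcd1235.pdf?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Nov/2025:09:13:40 +0000] "GET /front/ticket.php HTTP/1.1" 200 7341 "-" "Mozilla/5.0"',
    'not a log line at all',
]


def parse_line(line):
    """Return a dict of the fields this check needs, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    rec["status"] = int(rec["status"])
    return rec


def find_document_hits(lines):
    """Map client IP -> list of (path, status) for direct document-store requests."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith(DOC_PREFIX):
            hits[rec["ip"]].append((rec["path"], rec["status"]))
    return dict(hits)


def noisy_clients(lines, threshold=2):
    """Clients with at least `threshold` document-store hits, most active first."""
    hits = find_document_hits(lines)
    return sorted(
        (ip for ip, recs in hits.items() if len(recs) >= threshold),
        key=lambda ip: -len(hits[ip]),
    )


if __name__ == "__main__":
    for ip, recs in find_document_hits(SAMPLE_LOG).items():
        print(ip)
        for path, status in recs:
            print(f"  {status} {path}")
    print("clients over threshold:", noisy_clients(SAMPLE_LOG))
```

Feed it a real log with `find_document_hits(open('/var/log/nginx/access.log').readlines())`; successful (2xx) entries for paths under /files/_documents/ are the ones worth following up, since GLPI is expected to serve documents through its own front-end rather than as direct file downloads.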
