Friday, March 28, 2025

GLPI ITSM Software Flaw Lets Attackers Inject Malicious SQL Queries

A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) application.

If exploited, the flaw allows remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data theft, tampering, and even remote code execution.

CVE-2025-24799 is an SQL injection vulnerability that resides specifically in the way GLPI processes certain user inputs.

By exploiting this flaw, attackers can send malicious SQL queries, effectively bypassing authentication and gaining unauthorized access to sensitive data stored in the GLPI database.

Beyond data exfiltration, attackers might gain control over the underlying server or execute arbitrary commands, according to a report by Broadcom.

The vulnerability affects GLPI versions prior to 10.0.18, and experts have emphasized the critical nature of this flaw because of the widespread use of the ITSM tool in IT support, asset management, and helpdesk environments.
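The article does not say which input GLPI mishandled, so the following is a generic illustration added here, not GLPI's code and not the patched change: it shows the class of defect behind an SQL injection (user input spliced into query text) next to the hardened form (a bound parameter), using an in-memory SQLite table and constructed sample rows that stand in for an ITSM user table. The table name, columns and the crafted input are all assumptions for the demonstration.

```python
import sqlite3

# Constructed sample rows standing in for an ITSM user table (not GLPI's schema).
SAMPLE_USERS = [
    ("alice", "active"),
    ("bob", "active"),
    ("carol", "disabled"),
    ("o'brien", "active"),   # a legitimate name containing an apostrophe
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE glpi_users (name TEXT, status TEXT)")
    conn.executemany("INSERT INTO glpi_users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: the untrusted value is spliced into the SQL text,
    so quote characters in `name` become part of the query structure."""
    sql = f"SELECT name, status FROM glpi_users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: the value travels as a bound parameter, so the driver
    treats it purely as data and it can never change the query structure."""
    sql = "SELECT name, status FROM glpi_users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def unsafe_survives(conn: sqlite3.Connection, name: str) -> bool:
    """True if the concatenated query still parses for this value; a benign
    apostrophe is enough to break it, which is a useful code-review signal."""
    try:
        lookup_unsafe(conn, name)
        return True
    except sqlite3.OperationalError:
        return False


def demo() -> dict:
    """Compare both lookups on an honest name and on a quote-bearing value."""
    conn = build_db()
    honest = "alice"
    # Constructed value containing a quote: it widens the WHERE clause of the
    # concatenated query to match every row, but is inert as a bound parameter.
    crafted = "nobody' OR 'a'='a"
    return {
        "unsafe_honest": len(lookup_unsafe(conn, honest)),
        "unsafe_crafted": len(lookup_unsafe(conn, crafted)),
        "safe_honest": len(lookup_safe(conn, honest)),
        "safe_crafted": len(lookup_safe(conn, crafted)),
        "unsafe_quoted_name_ok": unsafe_survives(conn, "o'brien"),
        "safe_quoted_name": len(lookup_safe(conn, "o'brien")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from the two lookups is that the fix for this vulnerability class is structural, not a matter of filtering characters: the parameterised query returns the same single row for `alice`, zero rows for the crafted value, and still handles `o'brien` correctly, while the concatenated query both over-matches and breaks on ordinary data.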

Impact of the Vulnerability

Security researchers have warned that exploitation of this vulnerability could have far-reaching consequences:

  • Data Exposure: Attackers can retrieve sensitive information about IT assets, users, or business processes from the GLPI database.
  • Data Manipulation: Malicious actors could alter or corrupt data stored within the system, disrupting IT operations or business workflows.
  • Potential Remote Code Execution (RCE): A compromise could lead to full system takeover by injecting malicious code into the database and leveraging the access gained for further attacks.

Given that GLPI is commonly used in corporate and governmental IT environments, the vulnerability presents a significant risk for organizations relying on this tool.

Patch and Mitigation

The GLPI development team has promptly addressed the issue in the release of version 10.0.18, which includes a patch that eliminates the vulnerability.

Organizations using GLPI are urged to update their installations immediately to mitigate any potential risk.

For those unable to update promptly, implementing additional safeguards, such as enabling a web application firewall (WAF) and closely monitoring database logs, is recommended to detect and block suspicious activity.

CVE-2025-24799 was discovered by cybersecurity researchers from a leading security firm during a routine security audit of open-source applications.

The researchers promptly reported the flaw to GLPI developers, ensuring a coordinated disclosure to minimize potential exploitation.

Organizations using GLPI should urgently upgrade to version 10.0.18 or later to prevent potential exploitation.

Cybersecurity teams are advised to perform a comprehensive review of their GLPI deployment and adopt robust security practices, such as minimizing exposure to the internet and reinforcing database access controls.

As cyber threats continue to evolve, this incident underscores the importance of proactive vulnerability management and timely patching in safeguarding IT infrastructure.
