Monday, March 31, 2025

GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries


A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) tool.

The flaw, if exploited, enables remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data theft, tampering, or even remote code execution.

CVE-2025-24799 is an SQL injection vulnerability that specifically resides in the way GLPI processes certain user inputs.

By exploiting this flaw, attackers can inject malicious SQL into database queries, effectively bypassing authentication and gaining unauthorized access to sensitive data stored in the GLPI database.

According to a report by Broadcom, beyond data exfiltration attackers might gain control of the underlying server or execute arbitrary commands.

The vulnerability affects GLPI versions before 10.0.18, and experts have emphasized the critical nature of this flaw due to the widespread use of the ITSM tool in IT support, asset management, and helpdesk environments.

Product Name: GLPI ITSM Tool
Affected Versions: 10.0.0 – 10.0.17
CVE: CVE-2025-24799

Impact of the Vulnerability

Security researchers have warned that the exploitation of this vulnerability could have extensive consequences:

  • Data Exposure: Attackers can retrieve sensitive information about IT assets, users, or business processes from the GLPI database.
  • Data Manipulation: Malicious actors could alter or corrupt data stored within the system, disrupting IT operations or business workflows.
  • Potential Remote Code Execution (RCE): A compromise could lead to full system takeover by injecting malicious code into the database, leveraging the access gained for further attacks.

Given that GLPI is commonly used in corporate and governmental IT environments, the vulnerability presents a significant risk for organizations relying on this tool.

Patch and Mitigation

The GLPI development team has promptly addressed the issue in version 10.0.18, which includes a patch that eliminates the vulnerability.

Organizations using GLPI are urged to update their installations immediately to mitigate any potential risk.

For those unable to update promptly, implementing additional safeguards, such as enabling a web application firewall (WAF) and closely monitoring database logs, is recommended to detect and block suspicious activity.
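Detection logic of the kind the monitoring recommendation above calls for, as an added example that is not part of the original article or of GLPI: it scans MySQL general query log lines for generic SQL injection indicators. The log lines are a constructed sample, the patterns are heuristics, and nothing here reflects the actual CVE-2025-24799 payload, which the article does not describe.

```python
import re
from dataclasses import dataclass

# Generic indicators of SQL injection as they appear once malicious input has
# reached the database. Heuristics only (assumption): tune them to the
# application's real query shapes to limit false positives.
SUSPICIOUS_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("time-based", re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)),
    ("schema-probe", re.compile(r"\binformation_schema\b", re.I)),
    # a quote or digit followed by a SQL comment: the classic "cut off the rest"
    ("comment-trunc", re.compile(r"(?:['\"\d)])\s*(?:--\s|#)")),
    # OR x=x with the same literal on both sides (backreferences), so a
    # legitimate "OR b = 2" is not flagged
    ("tautology", re.compile(r"\bor\b\s+(['\"]?)(\w+)\1\s*=\s*\1\2\1", re.I)),
]

# MySQL general_log file format: time <TAB> id command <TAB> argument
LOG_LINE = re.compile(r"^(?P<time>\S+)\t\s*(?P<conn>\d+)\s+(?P<cmd>\w+)\t(?P<arg>.*)$")

@dataclass
class Finding:
    time: str
    conn: int
    indicators: tuple
    query: str

def scan_general_log(lines):
    """Return one Finding per 'Query' log entry that matches any indicator."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m.group("cmd") != "Query":
            continue  # connect/quit/prepare entries carry no query text
        query = m.group("arg")
        hits = tuple(name for name, pat in SUSPICIOUS_PATTERNS if pat.search(query))
        if hits:
            findings.append(Finding(m.group("time"), int(m.group("conn")), hits, query))
    return findings

# Constructed sample log (assumption): one benign query and three suspicious ones.
LOG_SAMPLE = """\
2025-03-31T10:15:01.123456Z\t   42 Connect\tglpi@localhost on glpi using TCP/IP
2025-03-31T10:15:01.223456Z\t   42 Query\tSELECT * FROM `glpi_tickets` WHERE `id` = 1234
2025-03-31T10:15:02.000001Z\t   43 Query\tSELECT * FROM `glpi_users` WHERE `name` = 'x' OR 1=1 -- '
2025-03-31T10:15:03.000002Z\t   43 Query\tSELECT `name` FROM `glpi_users` WHERE `id` = 1 UNION SELECT `password` FROM `glpi_users`
2025-03-31T10:15:04.000003Z\t   44 Query\tSELECT * FROM `glpi_computers` WHERE `id` = 7 AND SLEEP(5)
2025-03-31T10:15:05.000004Z\t   45 Quit\t
"""

if __name__ == "__main__":
    for f in scan_general_log(LOG_SAMPLE.splitlines()):
        print(f"{f.time} conn={f.conn} {','.join(f.indicators)}: {f.query}")
```

Findings from the same connection id in quick succession (here conn 43) are the ones worth correlating with the web server's access log for the originating request.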

CVE-2025-24799 was discovered by cybersecurity researchers from a leading security firm during a routine security audit of open-source applications.

The researchers promptly reported the flaw to GLPI developers, ensuring a coordinated disclosure to minimize potential exploitation.

Organizations using GLPI should urgently upgrade to version 10.0.18 or later to prevent potential exploitation.

Cybersecurity teams are advised to perform a comprehensive review of their GLPI implementation and adopt robust security practices, such as minimizing exposure to the internet and reinforcing database access controls.

As cyber threats continue to evolve, this incident underscores the importance of proactive vulnerability management and timely patching in safeguarding IT infrastructure.

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.