Wednesday, April 30, 2025
GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries

A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) tool.

The flaw, if exploited, enables remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data theft, tampering, or even remote code execution.

CVE-2025-24799 is an SQL injection vulnerability that specifically resides in the way GLPI processes certain user inputs.

By exploiting this flaw, attackers can send malicious SQL queries, effectively bypassing authentication and gaining unauthorized access to sensitive data stored in the GLPI database.

Beyond data exfiltration, attackers might gain control over the underlying server or execute arbitrary commands, as per a report by Broadcom.

The vulnerability affects GLPI versions before 10.0.18, and experts have emphasized the critical nature of this flaw due to the widespread use of the ITSM tool in IT support, asset management, and helpdesk environments.

Product Name    | Affected Versions | CVE
GLPI ITSM Tool  | 10.0.0 – 10.0.17  | CVE-2025-24799

Impact of the Vulnerability

Security researchers have warned that the exploitation of this vulnerability could have extensive consequences:

  • Data Exposure: Attackers can retrieve sensitive information about IT assets, users, or business processes from the GLPI database.
  • Data Manipulation: Malicious actors could alter or corrupt data stored within the system, disrupting IT operations or business workflows.
  • Potential Remote Code Execution (RCE): A compromise could lead to full system takeover by injecting malicious code into the database, leveraging the access gained for further attacks.

Given that GLPI is commonly used in corporate and governmental IT environments, the vulnerability presents a significant risk for organizations relying on this tool.

Patch and Mitigation

The GLPI development team has promptly addressed the issue in the release of version 10.0.18, which includes a patch to eliminate the vulnerability.

Organizations using GLPI are urged to update their installations immediately to mitigate any potential risk.

For those unable to update promptly, implementing additional safeguards, such as enabling a web application firewall (WAF) and closely monitoring database logs, is recommended to detect and block suspicious activity.
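As an added example (not code from the article or from the GLPI project), the following Python script performs two of the defender-side checks this section describes: it decides whether an installed GLPI version string falls in the affected range the article gives (anything below 10.0.18), and it scans web-server access-log lines for common SQL-injection indicators in URL query parameters, the kind of monitoring a team would do while waiting to patch. The log lines, the source addresses and the endpoint paths (/app/items.php, /app/search.php) are constructed for the example and are not GLPI's real endpoints; the regular expressions are generic heuristics for triage, not a signature for CVE-2025-24799, whose injection point the article does not describe.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# First GLPI release that the article reports as fixed.
FIXED_VERSION = (10, 0, 18)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn strings such as '10.0.17', 'v10.0.5' or '10.0.18-rc1' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised GLPI version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the installed version is older than the fixed release (10.0.0 - 10.0.17 per the article)."""
    return parse_version(version) < FIXED_VERSION


# Generic SQL-injection indicators applied to decoded query-string values.
# These are triage heuristics, not a signature for CVE-2025-24799.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s+['\d]", re.IGNORECASE), "tautology"),
    (re.compile(r"\bunion\b.{0,40}\bselect\b", re.IGNORECASE), "union-select"),
    (re.compile(r"(--|/\*)"), "sql-comment"),
    (re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE), "time-based"),
    (re.compile(r"\b(information_schema|load_file|into\s+outfile)\b", re.IGNORECASE), "schema-or-file"),
]

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def scan_line(line: str) -> Optional[dict]:
    """Return a finding dict for one access-log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    target = m.group("target")
    indicators = set()
    for _key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl already URL-decodes once; decode again so double-encoded
        # payloads (%2527 for a quote) are inspected in their final form.
        value = unquote_plus(value)
        for pattern, label in SQLI_PATTERNS:
            if pattern.search(value):
                indicators.add(label)
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "target": target,
        "status": int(m.group("status")),
        "indicators": sorted(indicators),
    }


def scan_log(lines: List[str]) -> List[dict]:
    """Return the findings for every line that carries at least one indicator."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        finding = scan_line(line)
        if finding and finding["indicators"]:
            finding["lineno"] = lineno
            hits.append(finding)
    return hits


# Constructed sample log: placeholder paths and documentation-range addresses, not real GLPI traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Apr/2025:10:12:01 +0000] "GET /app/items.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Apr/2025:10:12:05 +0000] "GET /app/items.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9800',
    '198.51.100.9 - - [30/Apr/2025:10:13:44 +0000] "GET /app/search.php?q=x%27%20UNION%20SELECT%20login%2Cpassword%20FROM%20users-- HTTP/1.1" 500 231',
    '198.51.100.9 - - [30/Apr/2025:10:14:02 +0000] "GET /app/items.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for v in ("10.0.17", "10.0.18"):
        print(f"GLPI {v}: {'AFFECTED - upgrade to 10.0.18 or later' if is_affected(v) else 'not affected'}")
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['lineno']}: {hit['ip']} -> {hit['target']} indicators={hit['indicators']}")
```

Run against a real access log, the script will flag lines 2 to 4 of the sample (a quoted tautology, a UNION SELECT with a trailing comment, and a time-based probe) and leave the ordinary request alone. Because the heuristics match generic SQL syntax, a hit is a reason to look at the request and the corresponding database query log, not proof of exploitation; false positives are expected on fields that legitimately carry free text.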

CVE-2025-24799 was discovered by cybersecurity researchers from a leading security firm during a routine security audit of open-source applications.

The researchers promptly reported the flaw to GLPI developers, ensuring a coordinated disclosure to minimize potential exploitation.

Organizations using GLPI should urgently upgrade to version 10.0.18 or later to prevent potential exploitation.

Cybersecurity teams are advised to perform a comprehensive review of their GLPI implementation and adopt robust security practices, such as minimizing exposure to the internet and reinforcing database access controls.

As cyber threats continue to evolve, this incident underscores the importance of proactive vulnerability management and timely patching in safeguarding IT infrastructure.

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
