
GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries

A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) tool.

The flaw, if exploited, enables remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data theft, tampering, or even remote code execution.

CVE-2025-24799 is an SQL injection vulnerability that resides in the way GLPI processes certain user-supplied inputs.

By exploiting this flaw, attackers can send malicious SQL queries, effectively bypassing authentication and gaining unauthorized access to sensitive data stored in the GLPI database.

Beyond data exfiltration, attackers might gain control over the underlying server or execute arbitrary commands, according to a report by Broadcom.

The vulnerability affects GLPI versions before 10.0.18, and experts have emphasized the critical nature of this flaw due to the widespread use of the ITSM tool in IT support, asset management, and helpdesk environments.

Product Name      Version            CVE
GLPI ITSM Tool    10.0.0 – 10.0.17   CVE-2025-24799

Impact of the Vulnerability

Security researchers have warned that the exploitation of this vulnerability could have extensive consequences:

  • Data Exposure: Attackers can retrieve sensitive information about IT assets, users, or business processes from the GLPI database.
  • Data Manipulation: Malicious actors could alter or corrupt data stored within the system, disrupting IT operations or business workflows.
  • Potential Remote Code Execution (RCE): A compromise could lead to full system takeover by injecting malicious code into the database, leveraging the access gained for further attacks.

Given that GLPI is commonly used in corporate and governmental IT environments, the vulnerability presents a significant risk for organizations relying on this tool.

Patch and Mitigation

The GLPI development team has promptly addressed the issue in version 10.0.18, which includes a patch that eliminates the vulnerability.

Organizations using GLPI are urged to update their installations immediately to mitigate any potential risk.

Organizations that cannot update promptly should implement compensating safeguards, such as placing GLPI behind a web application firewall (WAF) and closely monitoring database logs, to detect and block suspicious activity.

CVE-2025-24799 was discovered by cybersecurity researchers from a leading security firm during a routine security audit of open-source applications.

The researchers promptly reported the flaw to GLPI developers, ensuring a coordinated disclosure to minimize potential exploitation.

Organizations using GLPI should urgently upgrade to version 10.0.18 or later to prevent potential exploitation.

Cybersecurity teams are advised to perform a comprehensive review of their GLPI implementation and adopt robust security practices, such as minimizing exposure to the internet and reinforcing database access controls.

As cyber threats continue to evolve, this incident underscores the importance of proactive vulnerability management and timely patching in safeguarding IT infrastructure.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
