CVE-2024-11955
Published: 25 February 2025
Summary
CVE-2024-11955 is a medium-severity Open Redirect (CWE-601) vulnerability in Glpi-Project Glpi. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53934
Vulnerability details
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can…
more
be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The open redirect vulnerability in the public-facing GLPI web application (/index.php?redirect=) enables remote exploitation to redirect users to arbitrary malicious sites (T1190). This directly facilitates spearphishing link attacks by crafting trusted-looking URLs that redirect to phishing pages (T1566.002).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.