Cyber Resilience

CVE-2025-24799

High

Published: 18 March 2025

Published
18 March 2025
Modified
31 July 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.2884 96.7th percentile
Risk Priority 32 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24799 is a high-severity SQL Injection (CWE-89) vulnerability in Glpi-Project Glpi. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

GLPI, a free asset and IT management software package, contains a SQL injection vulnerability in its inventory endpoint that allows unauthenticated remote attackers to extract sensitive data. The flaw is tracked as CWE-89 and carries a CVSS 3.1 score of 7.5 reflecting network-accessible exploitation with no required credentials or user interaction; it was corrected in version 10.0.18.

An unauthenticated attacker can submit crafted requests to the inventory endpoint and leverage the injection to read arbitrary database contents, resulting in high-impact confidentiality loss without affecting integrity or availability.

The official GLPI security advisory recommends immediate upgrade to 10.0.18 to eliminate the vulnerable code path in the inventory handling logic.

EPSS for this CVE rose sharply from a low baseline to a peak of 0.7263 on 2026-03-03 before receding to the current value of 0.2884, indicating a clear post-disclosure increase in observed exploitation interest that warrants renewed attention.

EU & UK References

Vulnerability details

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in public-facing GLPI inventory endpoint directly maps to T1190 for exploitation; arbitrary SQL execution enables database data extraction mapping to T1213.006.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-29047Same product: Glpi-Project Glpi
CVE-2026-22044Same product: Glpi-Project Glpi
CVE-2025-66417Same product: Glpi-Project Glpi
CVE-2025-21619Same product: Glpi-Project Glpi
CVE-2026-26263Same product: Glpi-Project Glpi
CVE-2026-22247Same product: Glpi-Project Glpi
CVE-2025-23046Same product: Glpi-Project Glpi
CVE-2026-26026Same product: Glpi-Project Glpi
CVE-2025-24801Same product: Glpi-Project Glpi
CVE-2026-26027Same product: Glpi-Project Glpi

Affected Assets

glpi-project
glpi
10.0.0 — 10.0.18

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation directly eliminates the SQL injection vulnerability by patching GLPI to version 10.0.18.

prevent

Information input validation on the inventory endpoint prevents unauthenticated SQL injection through proper sanitization and use of prepared statements.

detect

Monitoring for information disclosure detects unauthorized data extraction resulting from SQL injection exploitation on the inventory endpoint.

References