CVE-2025-24801
Published: 18 March 2025
Summary
CVE-2025-24801 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Glpi-Project Glpi. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
GLPI, an open-source IT asset and service management application, contains an arbitrary file upload flaw tracked as CVE-2025-24801. An authenticated user can upload a PHP file to the server and then invoke it directly, resulting in code execution. The issue is classified under CWE-434 and carries a CVSS 3.1 score of 8.5; it was corrected in version 10.0.18.
An attacker who already possesses a valid GLPI account can leverage the flaw to upload and execute arbitrary PHP payloads hosted on the server. Successful exploitation grants the ability to run operating-system commands, read or modify sensitive data, and potentially pivot within the environment, satisfying the high impact ratings across confidentiality, integrity, and availability under a network-accessible but high-complexity attack path.
The official GLPI security advisory GHSA-g2p3-33ff-r555 confirms the root cause and states that upgrading to 10.0.18 fully resolves the vulnerability. No other mitigations such as configuration changes or workarounds are documented in the reference.
EPSS for the CVE remains low at 0.0298 with no material increase since disclosure, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6705
Vulnerability details
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables arbitrary PHP file upload and execution on a public-facing GLPI server, directly mapping to web shell deployment (T1505.003) and exploitation of public-facing applications for initial access (T1190).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the vulnerability by requiring timely remediation through patching to the fixed GLPI version 10.0.18.
Requires validation of file uploads to ensure they do not contain dangerous types like executable PHP files, addressing CWE-434 unrestricted upload.
Deploys mechanisms to scan and block malicious code such as uploaded PHP files at system entry points before execution.