Cyber Resilience

CVE-2025-66417

Severity: High
Published: 15 January 2026
Modified: 21 January 2026
KEV Added: not listed
Patch: fixed in GLPI 11.0.3
CVSS v3.1 base score: 7.5 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0044 (34.7th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2025-66417 is a high-severity SQL Injection (CWE-89) vulnerability in Glpi-Project Glpi. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-66417 is a SQL injection vulnerability (CWE-89) in GLPI, a free asset and IT management software package. The flaw affects versions from 11.0.0 up to but not including 11.0.3, allowing an unauthenticated user to perform SQL injection through the inventory endpoint.

The vulnerability can be exploited remotely over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N), no user interaction (UI:N), and no change in scope (S:U). Successful exploitation enables high confidentiality impact (C:H) with no integrity (I:N) or availability (A:N) disruption, as reflected in its CVSS v3.1 base score of 7.5, potentially allowing attackers to extract sensitive data from the underlying database.

The issue is addressed in GLPI version 11.0.3. Additional mitigation guidance is available in the GitHub security advisory at https://github.com/glpi-project/glpi/security/advisories/GHSA-p467-682w-9cc9.

Vulnerability details

GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.

CWE(s): CWE-89 SQL Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated SQL injection in a public-facing inventory endpoint of GLPI enables exploitation of public-facing applications for data access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21619 (same product: Glpi-Project Glpi)
CVE-2026-26263 (same product: Glpi-Project Glpi)
CVE-2026-22044 (same product: Glpi-Project Glpi)
CVE-2025-24799 (same product: Glpi-Project Glpi)
CVE-2026-29047 (same product: Glpi-Project Glpi)
CVE-2025-23046 (same product: Glpi-Project Glpi)
CVE-2026-22247 (same product: Glpi-Project Glpi)
CVE-2025-64516 (same product: Glpi-Project Glpi)
CVE-2026-26026 (same product: Glpi-Project Glpi)
CVE-2025-24801 (same product: Glpi-Project Glpi)

Affected Assets

Vendor: glpi-project
Product: glpi
Versions: 11.0.0 up to, but not including, 11.0.3

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2 Flaw Remediation): Directly mitigates CVE-2025-66417 by requiring timely flaw remediation through patching to GLPI version 11.0.3.

prevent (SI-10 Information Input Validation): Prevents SQL injection in the inventory endpoint by validating all untrusted inputs for correctness and malicious content.

prevent: Blocks SQL injection payloads by restricting input types, lengths, and formats accepted at the vulnerable inventory endpoint.

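The two input-side controls above (SI-10 validation and restricting accepted formats) are easiest to see next to the defect class they address. The following is an added illustration, not GLPI code and not derived from the advisory: the `computers` table, its columns and the serial-number format are constructed stand-ins for an inventory lookup. It contrasts a CWE-89 query built by string interpolation with a parameterized query, and then adds an allow-list check in front of the parameterized query as defence in depth.

```python
"""Constructed demonstration of CWE-89 and the mitigations named on the page.

Not GLPI code: the table, column names, sample rows and the serial-number
format are invented for illustration only.
"""
import re
import sqlite3

# Constructed inventory rows standing in for an asset-management database.
SAMPLE_ROWS = [
    ("srv-db-01", "SN-1001", "datacenter-a"),
    ("srv-web-02", "SN-1002", "datacenter-a"),
    ("lap-hr-17", "SN-1003", "office-b"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE computers (name TEXT, serial TEXT, location TEXT)")
    conn.executemany("INSERT INTO computers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, serial: str) -> list:
    """CWE-89 pattern: untrusted input is spliced into the SQL text, so a
    value containing quote characters can change the query's structure."""
    query = f"SELECT name, location FROM computers WHERE serial = '{serial}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, serial: str) -> list:
    """Hardened form: the value is bound as a parameter by the driver and is
    never parsed as SQL, whatever characters it contains."""
    query = "SELECT name, location FROM computers WHERE serial = ?"
    return conn.execute(query, (serial,)).fetchall()


# SI-10 style allow-list (assumed format): letters, digits and dashes, 1..32 chars.
SERIAL_RE = re.compile(r"[A-Za-z0-9-]{1,32}")


def validate_serial(serial: str) -> bool:
    """Return True only if the whole string matches the allowed serial format."""
    return SERIAL_RE.fullmatch(serial) is not None


def lookup_validated(conn: sqlite3.Connection, serial: str) -> list:
    """Defence in depth: reject malformed input before it reaches the
    database, and still bind it as a parameter rather than interpolating."""
    if not validate_serial(serial):
        raise ValueError("serial number has an unexpected format")
    return lookup_parameterized(conn, serial)


if __name__ == "__main__":
    db = make_db()
    benign = "SN-1002"
    malformed = "x' OR '1'='1"  # textbook input that breaks out of a quoted literal

    print("vulnerable, benign:   ", lookup_vulnerable(db, benign))
    print("vulnerable, malformed:", lookup_vulnerable(db, malformed))  # every row
    print("parameterized, same:  ", lookup_parameterized(db, malformed))  # no rows
    try:
        lookup_validated(db, malformed)
    except ValueError as exc:
        print("validated, same:      rejected ->", exc)
```

The interpolated query returns every row for the malformed input because the quote terminates the literal and the remainder becomes part of the WHERE clause; the parameterized query returns nothing because the driver compares the whole string as data. The allow-list check is not a substitute for parameterization, but it stops malformed values early, gives a clear place to log rejected input for detection, and limits what reaches the database if a query elsewhere is still built unsafely.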