CVE-2025-53113 — Improper Access Control in Glpi

CWE-284 — Improper Access Control CWE-862 — Missing Authorization CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 84.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi Msrc Azl3 Kernel 6.6.57.1-7 ON Azure Linux 3.0 Msrc Azl3 Kernel 6.6.64.2-1 ON Azure Linux 3.0 +2 more

Timeline

PublishedJul 30

Description

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch information on items they do not have the right to see. This is fixed in version 10.0.19.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages6 packages

▶NVDglpi-project/glpi0.65 — 10.0.19

▶CVEListV5glpi-project/glpi>= 0.65, < 10.0.19

▶msrcmsrc/azl3_kernel_6.6.57.1-7_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.64.2-1_on_azure_linux_3.0

▶msrcmsrc/cbl2_kernel_5.15.176.3-1_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2025-53113: GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk fe↗2025-07-30

▶

📋Vendor Advisories

Microsoft

mm: fix NULL pointer dereference in alloc_pages_bulk_noprof↗2024-12-10

▶