CVE-2025-52567

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-52567
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52567.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-52567
Aliases
  • GHSA-5mp6-mgmh-vrq7
Downstream
Published
2025-07-30T14:15:28Z
Modified
2025-07-31T18:42:37Z
Summary
[none]
Details

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19.

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type
GIT
Repo
https://github.com/glpi-project/glpi
Events