CVE-2024-11955

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 25, 2025
Updated: Mar 4, 2025
CWE ID 601

Summary

CVE-2024-11955 is a newly disclosed vulnerability affecting GLPI up to version 10.0.17. The issue lies in unknown functionality of the /index.php file and results in an open redirect. An attacker can exploit it remotely by manipulating the redirect argument. The exploit has been made public, which increases the risk. Upgrading to GLPI version 10.0.18 mitigates the issue, and applying the update as soon as possible is strongly recommended.

Affected Products

  • GLPI Project
  • Glpi-project GLPI

Affected Vendors

  • Teclib
  • Glpi-project