CVE-2025-21626

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 25, 2025
Updated: Mar 4, 2025
CWE ID 200

Summary

CVE-2025-21626 is a vulnerability affecting GLPI, a free asset and IT management software package. Versions prior to 10.0.18 allow anonymous users to access sensitive information through the `status.php` endpoint. This issue can result in exposure of data, including LDAP directory information and mail server authentication credentials. Users can mitigate the risk by removing sensitive values from affected configurations, restricting access to the `status.php` file, or deleting the file altogether. The vulnerability is resolved in version 10.0.18.

Affected Products

  • GLPI Project
  • Glpi-project GLPI

Affected Vendors

  • Teclib
  • Glpi-project