CVE-2025-23024

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 25, 2025

Updated: Mar 4, 2025

CWE ID 285

Summary

CVE-2025-23024 is a vulnerability affecting GLPI, a free IT management software. In versions prior to 10.0.18, an anonymous user could disable all active plugins, potentially leading to significant functionality loss. Version 10.0.18 includes a patch to resolve this issue. As a temporary measure, deleting the `install/update.php` file is suggested to prevent the attack.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib
Glpi-project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2W1sog
https://www.cve.org/CVERecord?id=CVE-2025-23024
https://nvd.nist.gov/vuln/detail/CVE-2025-23024

Back to Vulnerability Database