CVE-2025-23046

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 25, 2025

Updated: Feb 28, 2025

CWE ID 303

Summary

CVE-2025-23046 is a vulnerability affecting GLPI, a free IT management software. In versions 9.5.0 and below up to 10.0.17, if a "Mail servers" authentication provider is set up to use an Oauth connection via the OauthIMAP plugin, unauthorized users can connect to GLPI using already established Oauth authorizations. Version 10.0.18 includes a patch to address this issue. As a temporary measure, disabling Oauth connections to "Mail servers" authentication providers is recommended.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Glpi-project GLPI
GLPI Project

Affected Vendors

Teclib
Glpi-project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2W0j9w
https://www.cve.org/CVERecord?id=CVE-2025-23046
https://nvd.nist.gov/vuln/detail/CVE-2025-23046

Back to Vulnerability Database