Platform
php
Component
glpi-inventory-plugin
Fixed in
1.5.1
CVE-2025-27147 describes an improper access control vulnerability affecting the GLPI Inventory Plugin. This flaw allows unauthorized users to potentially access and manipulate sensitive data managed by the plugin, leading to data breaches or system compromise. The vulnerability impacts versions of the plugin prior to 1.5.0, and a patch has been released in version 1.5.0.
The improper access control within the GLPI Inventory Plugin allows an attacker to bypass authorization checks and reach resources they should not be permitted to access. Given the plugin's functionality, this could include sensitive network discovery data (SNMP), software deployment configurations, VMware ESX host inventory details, and collected files and registry entries. Successful exploitation could lead to the exfiltration of confidential information, modification of system configurations, or even the execution of arbitrary commands on managed systems, depending on the permissions associated with the accessed resources. The blast radius extends to all systems managed by GLPI that use the Inventory Plugin.
CVE-2025-27147 was publicly disclosed on 2025-03-25. There is no indication of active exploitation or KEV listing at this time. Public proof-of-concept exploits are not currently available, but the nature of the access control vulnerability suggests that it is likely to be targeted once publicly available exploits are developed.
Organizations utilizing GLPI for IT asset management and specifically deploying the Inventory Plugin are at risk. This includes environments with multiple user roles and granular access controls, as the vulnerability could be exploited to escalate privileges and gain unauthorized access to sensitive inventory data. Shared hosting environments running GLPI are also particularly vulnerable, as they may have limited control over plugin updates and security configurations.
• php: Examine GLPI plugin files for insecure access control checks. Search for instances where user authentication or authorization is bypassed.
grep -r 'user_id' /path/to/glpi/plugins/inventory/
• generic web: Monitor GLPI access logs for unusual activity, such as requests to plugin endpoints from unauthorized IP addresses or user accounts. The Apache access log records the numeric HTTP status rather than the phrase "Unauthorized", so match rejected requests (401/403) to plugin paths:
grep '/plugins/inventory/' /var/log/apache2/access.log | grep -E '" (401|403) '
Disclosure
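The log-monitoring step above, as an added example that is not part of this advisory: a POSIX shell function that reads Apache combined-format access-log lines, keeps only requests to the plugin URL prefix, and flags those that were rejected (401/403) or came from an IP outside a small allowlist. The log lines, the URL prefix /plugins/inventory/ (taken from the grep on this page) and the allowlist are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the advisory or the GLPI project). Flags requests to
# GLPI Inventory Plugin endpoints that were denied (401/403) or that came from an
# IP address not in an allowlist of expected administrative hosts.

PLUGIN_PATH='/plugins/inventory/'   # assumed URL prefix, as used on this page
ALLOWED_IPS='10.0.0.5 10.0.0.6'     # constructed allowlist of known admin hosts

# flag_plugin_requests reads access-log lines on stdin and prints one line per
# finding in the form "<reason> <ip> <status> <path>". A denied request from an
# unknown IP produces two lines (one per reason).
flag_plugin_requests() {
    while IFS= read -r line; do
        case "$line" in
            *"$PLUGIN_PATH"*) ;;       # only plugin endpoints are of interest
            *) continue ;;
        esac
        ip=${line%% *}                 # client IP is the first field
        # The request line is the first quoted field; its second word is the path.
        req=${line#*\"}; req=${req%%\"*}
        path=$(printf '%s\n' "$req" | awk '{print $2}')
        # The status code follows the closing quote of the request line.
        rest=${line#*\" }
        status=${rest%% *}
        case "$status" in
            401|403) printf 'denied %s %s %s\n' "$ip" "$status" "$path" ;;
        esac
        allowed=0
        for a in $ALLOWED_IPS; do
            [ "$a" = "$ip" ] && allowed=1
        done
        [ "$allowed" -eq 0 ] && printf 'unknown-ip %s %s %s\n' "$ip" "$status" "$path"
    done
}

# Constructed sample log (Apache combined format), not real traffic.
SAMPLE_LOG='10.0.0.5 - alice [25/Mar/2025:10:00:00 +0000] "GET /plugins/inventory/front/agent.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [25/Mar/2025:10:01:00 +0000] "GET /plugins/inventory/front/deploy.php HTTP/1.1" 403 0 "-" "curl/8.0"
203.0.113.7 - bob [25/Mar/2025:10:02:00 +0000] "POST /plugins/inventory/front/config.php HTTP/1.1" 200 128 "-" "curl/8.0"
10.0.0.6 - carol [25/Mar/2025:10:03:00 +0000] "GET /front/central.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'

# Run against the sample when executed directly; pipe a real log in the same way.
printf '%s\n' "$SAMPLE_LOG" | flag_plugin_requests
```

On the sample, the first line is an allowed host with a 200 and is silent, the second produces both a denied and an unknown-ip finding, the third is a successful request from an unknown host (the case worth reviewing for this CVE), and the fourth is ignored because it is not a plugin path.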
Exploit status
EPSS
0.20% (41st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-27147 is to immediately upgrade the GLPI Inventory Plugin to version 1.5.0 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing stricter access controls within GLPI itself to limit the potential impact of the vulnerability. Review and restrict user permissions to the minimum necessary for their roles. While a direct WAF rule is unlikely to be effective, implementing general GLPI security best practices, such as regular security audits and input validation, can help reduce the overall attack surface. After upgrading, confirm the fix by attempting to access plugin resources with a user account that should not have access.
Upgrade the GLPI Inventory Plugin to version 1.5.0 or later. This version contains the fix for the improper access control vulnerability. The update can be performed through the GLPI administration panel or by downloading the new version from the plugin's official website.
CVE-2025-27147 is a HIGH severity access control vulnerability affecting GLPI Inventory Plugin versions prior to 1.5.0, allowing unauthorized access to sensitive inventory data.
You are affected if you are using GLPI Inventory Plugin versions earlier than 1.5.0. Check your plugin version and upgrade immediately if necessary.
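The version check above, as an added example (not code from the advisory or the GLPI project): a POSIX shell script that reads the plugin's version from its setup.php and decides whether it is older than the fixed version stated on this page. It assumes the plugin's setup.php contains a line of the form define('PLUGIN_GLPIINVENTORY_VERSION', '...'); the constant name is an assumption, so adjust it to match your installed copy. The version comparison is done component by component, which also handles versions with a different number of components (1.4 versus 1.4.0).

```shell
#!/bin/sh
# Added example (not from the advisory or the GLPI project). Reads the installed
# plugin version from setup.php and compares it with the fixed version.

FIXED_VERSION='1.5.0'   # fixed version as stated on this page

# installed_version prints the version string found in the setup.php given as $1.
# Assumption: the file defines PLUGIN_GLPIINVENTORY_VERSION (adjust if it differs).
installed_version() {
    sed -n "s/.*define('PLUGIN_GLPIINVENTORY_VERSION', *'\([^']*\)').*/\1/p" "$1" | head -n 1
}

# version_lt returns 0 (true) when $1 is older than $2. Components are compared
# numerically; a missing component counts as 0 and any non-numeric suffix on a
# component (for example "0-rc1") is ignored for the comparison.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a='' ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b='' ;; esac
    done
    return 1
}

# needs_upgrade returns 0 (true) when the given version is below FIXED_VERSION.
needs_upgrade() {
    version_lt "$1" "$FIXED_VERSION"
}

# Demo on a constructed setup.php written to a temporary file so the example
# runs offline. Point installed_version at the real file on a live system.
demo_file=$(mktemp)
printf "<?php\ndefine('PLUGIN_GLPIINVENTORY_VERSION', '1.4.0');\n" > "$demo_file"
v=$(installed_version "$demo_file")
if needs_upgrade "$v"; then
    echo "installed $v is older than $FIXED_VERSION: upgrade required"
else
    echo "installed $v is $FIXED_VERSION or later: ok"
fi
rm -f "$demo_file"
```

The version string is parsed out with sed rather than by loading PHP, so the check can run from a backup or a read-only mount without executing any plugin code.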
Upgrade the GLPI Inventory Plugin to version 1.5.0 or later to resolve this vulnerability. Implement stricter access controls within GLPI as a temporary measure.
As of the current disclosure date, there is no confirmed active exploitation, but the vulnerability's nature suggests potential for exploitation.
Refer to the official GLPI security advisories on the GLPI website for the latest information and updates regarding CVE-2025-27147.