CVE-2026-25937 is a security vulnerability affecting GLPI, a free Asset and IT management software package. This vulnerability allows a malicious actor possessing a user's credentials to bypass Multi-Factor Authentication (MFA) and gain unauthorized access to their account. The vulnerability affects GLPI versions 11.0.0 through 11.0.5, and a fix is available in version 11.0.6.
Successful exploitation of CVE-2026-25937 allows an attacker to completely compromise a user's GLPI account, effectively gaining access to all data and functionalities associated with that account. This includes the ability to view, modify, and delete assets, users, and other critical IT management information. The impact is particularly severe in environments where GLPI is used for sensitive data management or critical infrastructure oversight. Lateral movement within the network is possible if the compromised account has elevated privileges or access to other systems. The blast radius extends to any data or systems accessible through the compromised GLPI account.
CVE-2026-25937 was publicly disclosed on 2026-03-17. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (POC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 6.5 (Medium) reflects a moderate risk level: exploitation is feasible, but it requires the attacker to already hold valid user credentials.
Organizations heavily reliant on GLPI for asset and IT management are at significant risk. Specifically, those using GLPI versions 11.0.0 through 11.0.5 and lacking robust password policies or MFA implementations are particularly vulnerable. Shared hosting environments where multiple users share a single GLPI instance also face increased risk.
• php: Examine GLPI application logs for unusual authentication attempts or successful logins from unexpected IP addresses.
  grep "authentication failed" /var/log/glpi/application.log
• php: Check for unauthorized modifications to user accounts or asset records within GLPI.
  # (Requires GLPI CLI access)
  glpi-cli user:list --all | grep -i "unauthorized"
• generic web: Monitor GLPI login endpoints for suspicious activity, such as repeated failed login attempts followed by a successful login.
• generic web: Review GLPI access logs for unusual user agent strings or requests from unfamiliar locations.
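The two "generic web" checks above (failed logins followed by a success, and non-browser user agents on the login endpoint) can be scripted over the web server's access log. The following is an added example written for this page; it is not code from the advisory or from the GLPI project. It assumes the login form is posted to `/front/login.php`, that a failed login re-renders the form (HTTP 200) while a successful login redirects (HTTP 302), and that logs are in the Apache/nginx "combined" format; the sample log lines are constructed. Adjust the path and status-code convention to match the real deployment before relying on it.

```python
"""Flag brute-force-then-success login patterns and non-browser clients
in web-server access logs for a GLPI instance.

Added example; not code from the advisory or from the GLPI project.
Assumptions (adjust for the real deployment):
  - the login form is posted to LOGIN_PATH (assumed: GLPI's /front/login.php);
  - a failed login re-renders the form (HTTP 200) while a successful login
    redirects (HTTP 302);
  - logs are in Apache/nginx "combined" format.
The sample log lines below are constructed for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/front/login.php"   # assumed login endpoint
FAIL_THRESHOLD = 3                # failures before a success is suspicious
WINDOW = timedelta(minutes=10)    # failures older than this are forgotten

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample: one IP fails four times then succeeds, one user mistypes
# once before logging in, one scripted client logs in on the first try.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Mar/2026:10:00:01 +0000] "POST /front/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2026:10:00:04 +0000] "POST /front/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2026:10:00:07 +0000] "POST /front/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2026:10:00:10 +0000] "POST /front/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2026:10:00:13 +0000] "POST /front/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Mar/2026:10:05:00 +0000] "POST /front/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Mar/2026:10:05:20 +0000] "POST /front/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [17/Mar/2026:10:06:00 +0000] "POST /front/login.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
192.0.2.9 - - [17/Mar/2026:10:06:01 +0000] "GET /front/central.php HTTP/1.1" 200 9001 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop any query string
        "status": int(m["status"]),
        "ua": m["ua"],
    }


def login_posts(lines):
    """Yield parsed POSTs to the login endpoint, in file order."""
    for line in lines:
        ev = parse_line(line)
        if ev and ev["method"] == "POST" and ev["path"] == LOGIN_PATH:
            yield ev


def find_fail_then_success(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return [(ip, failures_before_success, success_time)] for each source IP
    whose successful login was preceded by >= threshold failures within window."""
    by_ip = defaultdict(list)
    for ev in login_posts(lines):
        by_ip[ev["ip"]].append(ev)
    alerts = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        recent_failures = []
        for ev in events:
            # Keep only failures that still fall inside the sliding window.
            recent_failures = [t for t in recent_failures if ev["ts"] - t <= window]
            if ev["status"] == 302:          # assumed: redirect == success
                if len(recent_failures) >= threshold:
                    alerts.append((ip, len(recent_failures), ev["ts"]))
                recent_failures = []
            elif ev["status"] == 200:        # assumed: form re-rendered == failure
                recent_failures.append(ev["ts"])
    return alerts


def non_browser_logins(lines):
    """Return sorted (ip, user_agent) pairs for login POSTs whose User-Agent
    does not look like a browser; these deserve a second look."""
    hits = {(ev["ip"], ev["ua"]) for ev in login_posts(lines)
            if not ev["ua"].startswith("Mozilla/")}
    return sorted(hits)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n, when in find_fail_then_success(lines):
        print(f"ALERT {ip}: {n} failed logins then success at {when.isoformat()}")
    for ip, ua in non_browser_logins(lines):
        print(f"REVIEW {ip}: login from non-browser client {ua!r}")
```

Run against a real access log with `find_fail_then_success(open(path))`. A hit from this script is a lead, not proof of an MFA bypass: correlate the flagged IP and time with GLPI's own login and MFA events before treating the account as compromised, and tune `FAIL_THRESHOLD` and `WINDOW` to the normal error rate of the user base.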
EPSS: 0.01% (2nd percentile)
The primary mitigation for CVE-2026-25937 is to immediately upgrade GLPI to version 11.0.6 or later. If upgrading is not immediately feasible, consider implementing stricter password policies and reviewing user access controls to limit the potential impact of a compromised account. While not a direct fix, enabling more robust MFA methods (e.g., hardware tokens, biometric authentication) can provide an additional layer of security. After upgrading, verify the fix by attempting to authenticate with known valid credentials and confirming that MFA is enforced as expected.
Update GLPI to version 11.0.6 or later. This version fixes the MFA bypass vulnerability. The update can be performed through the GLPI admin panel, or the latest version can be downloaded from the official website.
CVE-2026-25937 is a medium-severity vulnerability in GLPI versions 11.0.0 through 11.0.5 that allows attackers holding a user's credentials to bypass Multi-Factor Authentication (MFA) and take over that user's account.
You are affected if you are running GLPI versions 11.0.0 through 11.0.5 and have not yet upgraded to version 11.0.6 or later.
The fix is to upgrade GLPI to version 11.0.6 or later. This resolves the MFA bypass vulnerability.
There is currently no evidence of active exploitation in the wild, and no public proof-of-concept code has been released.
Refer to the official GLPI security advisory for detailed information and updates: [https://glpi.net/security](https://glpi.net/security)