Platform
php
Component
glpi
Fixed in
11.0.1
CVE-2026-25937 is a security vulnerability affecting GLPI, a free Asset and IT management software package. This vulnerability allows a malicious actor possessing a user's credentials to bypass Multi-Factor Authentication (MFA) and gain unauthorized access to their account. The vulnerability affects GLPI versions 11.0.0 through 11.0.5, and a fix is available in version 11.0.6.
Successful exploitation of CVE-2026-25937 allows an attacker to completely compromise a user's GLPI account, effectively gaining access to all data and functionalities associated with that account. This includes the ability to view, modify, and delete assets, users, and other critical IT management information. The impact is particularly severe in environments where GLPI is used for sensitive data management or critical infrastructure oversight. Lateral movement within the network is possible if the compromised account has elevated privileges or access to other systems. The blast radius extends to any data or systems accessible through the compromised GLPI account.
CVE-2026-25937 was publicly disclosed on 2026-03-17. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (POC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 6.5 (Medium) indicates a moderate risk level, suggesting that exploitation is possible but not highly probable without specific knowledge of user credentials.
Organizations heavily reliant on GLPI for asset and IT management are at significant risk. Specifically, those using GLPI versions 11.0.0 through 11.0.5 and lacking robust password policies or MFA implementations are particularly vulnerable. Shared hosting environments where multiple users share a single GLPI instance also face increased risk.
• php: Examine GLPI application logs for unusual authentication attempts or successful logins from unexpected IP addresses.
    grep "authentication failed" /var/log/glpi/application.log
• php: Check for unauthorized modifications to user accounts or asset records within GLPI.
    # (Requires GLPI CLI access)
    glpi-cli user:list --all | grep -i "unauthorized"
• generic web: Monitor GLPI login endpoints for suspicious activity, such as repeated failed login attempts followed by a successful login.
• generic web: Review GLPI access logs for unusual user agent strings or requests from unfamiliar locations.
disclosure
Exploit Status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-25937 is to immediately upgrade GLPI to version 11.0.6 or later. If upgrading is not immediately feasible, consider implementing stricter password policies and reviewing user access controls to limit the potential impact of a compromised account. While not a direct fix, enabling more robust MFA methods (e.g., hardware tokens, biometric authentication) can provide an additional layer of security. After upgrading, verify the fix by attempting to authenticate with known valid credentials and confirming that MFA is enforced as expected.
Upgrade GLPI to version 11.0.6 or later. This version fixes the MFA bypass vulnerability. The upgrade can be performed through the GLPI administration panel or by downloading the latest version from the official website.
CVE-2026-25937 is a medium-severity vulnerability in GLPI versions 11.0.0 through 11.0.5 that allows an attacker who already holds a user's credentials to bypass Multi-Factor Authentication (MFA) and take over that account.
You are affected if you are running GLPI versions 11.0.0 through 11.0.5 and have not yet upgraded to version 11.0.6 or later.
The fix is to upgrade GLPI to version 11.0.6 or later. This resolves the MFA bypass vulnerability.
There is currently no evidence of active exploitation in the wild, and no public proof-of-concept code has been released.
Refer to the official GLPI security advisory for detailed information and updates: [https://glpi.net/security](https://glpi.net/security)