Description

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

INFO

Published Date :

2026-01-15T16:01:03.470Z

Last Modified :

2026-01-15T16:08:18.590Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64516 vulnerability.

Vendors Products
Glpi-project
  • Glpi
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64516.

URL Resource
https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c cve-icon cve-icon
https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27 cve-icon cve-icon
https://github.com/glpi-project/glpi/releases/tag/10.0.21 cve-icon cve-icon
https://github.com/glpi-project/glpi/releases/tag/11.0.3 cve-icon cve-icon
https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact