Main Vulnerability Database Vulnerabilities #VU125054

#VU125054 Improper access control in GLPI - CVE-2025-53113

Published: April 7, 2026

Vulnerability identifier: #VU125054

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-53113

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GLPI

Software vendor:
glpi-project

Description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the external links feature when fetching information on items through external links. A remote privileged user can use the external links feature to access information on items they are not allowed to see to disclose sensitive information.

Remediation

Install security update from vendor's website.

External links

https://github.com/glpi-project/glpi/security/advisories/GHSA-r2mm-6499-4m8j

#VU125054 Improper access control in GLPI - CVE-2025-53113

Description

Remediation

External links

Please verify you're human