Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN561
_____________________________________________________________________

DATE                : 29/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running glpi versions prior to
                                     10.0.19.

=====================================================================
https://github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wc
_____________________________________________________________________

Unauthorized rules execution order update
High
cedric-anne published GHSA-334r-2682-95wc Aug 27, 2025

Package
glpi (glpi)

Affected versions
>= 10.0.0

Patched versions
10.0.19


Description

Impact

A connected user without administration rights can change the rules
execution order.


Patches

Upgrade to 10.0.19.


For more information

If you have any questions or comments about this advisory, mail us
at glpi-security@ow2.org.


Severity
High
7.5/ 10
CVSS v3 base metrics
Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID
CVE-2025-53105

Weaknesses
No CWEs


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================