Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN763
_____________________________________________________________________

DATE                : 04/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running glpiinventory versions prior to
                                         1.5.1.

=====================================================================
https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-w2cp-r675-6xpq
_____________________________________________________________________


Unauthenticated SQL Injection
High
trasher published GHSA-w2cp-r675-6xpq Nov 4, 2025

Package
glpiinventory (glpi)

Affected versions
<= 1.5.0

Patched versions
1.5.1


Description

Impact

Unauthenticated SQL Injection


Patches

Upgrade to 1.5.1.


Severity
High
7.5/ 10

CVSS v3 base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE ID
CVE-2025-32786

Weaknesses
Weakness CWE-89


Credits

    @Guilhem7 Guilhem7 Reporter


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================