CVE-2025-24799 Scanner - SQL Injection vulnerability in GLPI
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 23 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
GLPI is an open-source IT asset management and service desk software used by organizations to manage their IT infrastructure, including inventory tracking, incident management, and ticketing. It provides a web-based interface for administrators and users to efficiently handle IT resources. Many companies, educational institutions, and government agencies utilize GLPI to streamline their IT service management processes. The software supports integration with various third-party applications, making it a flexible tool for IT professionals. GLPI is widely deployed due to its comprehensive feature set and strong community support. Regular updates and security patches are released to address vulnerabilities and improve functionality.
SQL Injection (SQLi) is a critical security vulnerability that allows attackers to manipulate SQL queries executed by a web application. This occurs when user input is not properly sanitized, allowing malicious actors to insert arbitrary SQL statements. In the case of GLPI, the vulnerability is found in the Inventory feature, where an attacker can exploit XML input processing to execute unauthorized SQL commands. If successfully exploited, the vulnerability can lead to unauthorized access to sensitive database information, including user credentials. Attackers may also modify, delete, or steal critical data stored in the system. SQL Injection vulnerabilities pose a severe risk to application security and user privacy.
The vulnerability exists in the handleAgent function of GLPI when processing XML-based inventory requests. SimpleXMLElement objects bypass the dbEscapeRecursive function, enabling attackers to inject SQL commands. By crafting a specially formatted XML payload, an attacker can manipulate the database query execution. The exploit involves sending a malicious XML request to the server, leveraging a time-based blind SQL Injection technique. This allows an attacker to verify whether the injection was successful based on the server response time. If exploited, this flaw could lead to authentication bypass and access to sensitive information stored in the GLPI database.
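The escaping bypass described above, modeled as an added example (not GLPI's code and not part of the original page). `escape_model`, `escape_hardened`, `build_query`, the `<request><name>` XML and the `agents` table are hypothetical, `addslashes` stands in for the database escape, and the input is a constructed benign value that contains a quote.

```php
<?php
// Added illustration: a simplified model of a recursive escaper, NOT GLPI's code.
// All function, tag and table names here are hypothetical.

// Model of the flaw: only strings are escaped, so objects pass through untouched.
function escape_model($value) {
    if (is_array($value)) {
        return array_map('escape_model', $value);
    }
    return is_string($value) ? addslashes($value) : $value;
}

// Hardened variant: XML nodes are converted to plain strings before escaping.
function escape_hardened($value) {
    if (is_array($value)) {
        return array_map('escape_hardened', $value);
    }
    if ($value instanceof SimpleXMLElement) {
        $value = (string) $value;
    }
    return is_string($value) ? addslashes($value) : $value;
}

// Builds the query by string interpolation; the object is cast to its
// text content only at this point, after the escaper has already run.
function build_query(array $fields): string {
    return "SELECT id FROM agents WHERE name = '{$fields['name']}'";
}

// Constructed sample input: a benign name that happens to contain a quote.
$xml = new SimpleXMLElement("<request><name>O'Brien-laptop</name></request>");
$fields = ['name' => $xml->name]; // a SimpleXMLElement, not a string

$weak = escape_model($fields);
$safe = escape_hardened($fields);

echo "model:    ", build_query($weak), PHP_EOL;
echo "hardened: ", build_query($safe), PHP_EOL;
echo "model value still an object: ",
    var_export($weak['name'] instanceof SimpleXMLElement, true), PHP_EOL;

// Bound parameters (prepared statements) remove the dependency on the
// escaper seeing the right type, and are the more robust fix.
```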
Successful exploitation of this vulnerability could have severe consequences for affected systems. Attackers may gain unauthorized access to database records, including user credentials, system configurations, and other sensitive data. In some cases, it could lead to privilege escalation, allowing attackers to gain administrative control over the application. Additionally, data integrity may be compromised, leading to the modification or deletion of critical records. Organizations using vulnerable versions of GLPI risk data breaches and operational disruptions. If left unpatched, this vulnerability could serve as an entry point for further attacks against the organization's IT infrastructure.