CVE-2025-24799 Scanner
CVE-2025-24799 Scanner - SQL Injection vulnerability in GLPI
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 16 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
GLPI is an IT asset management software used by organizations to manage their IT infrastructure. It is widely utilized by IT departments for inventory management, tracking assets, and offering IT support. The software offers features such as ticket management, license tracking, and network management. GLPI is commonly adopted by medium to large enterprises and educational institutions to streamline their IT operations. Its flexible architecture allows integration with various plugins, enhancing its functionality according to specific organizational needs. Its deployment can be on-premises or cloud-based, offering diverse settings that cater to different IT environments.
The SQL Injection vulnerability found in GLPI is particularly severe due to its pre-authentication nature. Pre-authentication SQL Injection vulnerabilities allow attackers to manipulate SQL queries without any initial valid credentials. In this case, the issue lies in the Inventory feature, attributed to improper sanitization within the handleAgent function. Malicious actors can exploit this vulnerability by sending specially crafted XML requests. The vulnerability enables unauthorized access to the database, potentially exposing sensitive information, including user credentials. Furthermore, it presents a risk of effective authentication bypass.
Technically, the vulnerability is rooted in the mishandling of SimpleXMLElement objects, which can bypass the dbEscapeRecursive function and so allow arbitrary SQL to be injected. The crafted XML payload reaches the query through the ‘deviceid’ parameter, and the SQL SLEEP function is used to confirm the injection: a response delayed by exactly the duration requested in the injected query is the indicator that the input was executed as SQL. The flaw combines a logical error in input validation with unsafe SQL query construction, and as a result bypasses the application's normal access controls.
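The class of bug described above, as a constructed illustration added here (it is not GLPI's code; the function name dbEscapeRecursive is taken from the description, but the bodies, the DEVICEID sample and the stand-in escape callback are assumptions): a recursive escaper that only recognises strings and arrays lets an XML node object through untouched, whereas the hardened variant normalises it to a string before escaping.

```php
<?php
// Weak pattern: only arrays and strings are handled; any other type is
// returned as-is, so a SimpleXMLElement node is never escaped.
function dbEscapeRecursiveWeak($value, callable $escape) {
    if (is_array($value)) {
        return array_map(fn($v) => dbEscapeRecursiveWeak($v, $escape), $value);
    }
    if (is_string($value)) {
        return $escape($value);
    }
    return $value; // objects (e.g. SimpleXMLElement) pass through unescaped
}

// Hardened pattern: every non-array value is forced to a string before
// escaping, and objects that cannot be stringified are rejected outright.
// Parameter binding (prepared statements) is still the preferable fix.
function dbEscapeRecursiveStrict($value, callable $escape) {
    if (is_array($value)) {
        return array_map(fn($v) => dbEscapeRecursiveStrict($v, $escape), $value);
    }
    if (is_object($value) && !method_exists($value, '__toString')) {
        throw new InvalidArgumentException('unsupported value type: ' . get_class($value));
    }
    return $escape((string) $value);
}

// Stand-in for a real database escape function (assumption for the demo).
$escape = fn(string $s) => addslashes($s);

// Constructed inventory-style XML containing a single quote in the device id.
$xml = simplexml_load_string("<REQUEST><DEVICEID>O'Brien-laptop</DEVICEID></REQUEST>");
$deviceId = $xml->DEVICEID;  // a SimpleXMLElement object, not a PHP string

$weak   = dbEscapeRecursiveWeak(['deviceid' => $deviceId], $escape);
$strict = dbEscapeRecursiveStrict(['deviceid' => $deviceId], $escape);

// String interpolation converts the object to text only now, after the
// escaping step has already been skipped for the weak variant.
echo "weak:   WHERE deviceid = '" . $weak['deviceid'] . "'\n";   // quote intact
echo "strict: WHERE deviceid = '" . $strict['deviceid'] . "'\n"; // quote escaped
```

The weak variant is easy to spot in review: check whether the type test before the escape call covers objects, not just arrays and strings, since anything else is effectively trusted input.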
Exploitation of this vulnerability can have severe impacts on the affected systems. Successful SQL Injection attacks may lead to unauthorized access to sensitive data, such as user credentials, opening avenues for further attacks. Additional risks include authentication bypass, leading to administrative access control breaches. Database integrity may be compromised, potentially facilitating data tampering or deletion, causing operational disruption. The exploitation may further act as a pivot point for launching other attacks, such as Denial of Service (DoS) or Remote Code Execution (RCE). The overall system's security posture would be significantly weakened, increasing overall risk exposure.