Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-64516
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-15 Jan, 2026 | 16:01
Updated At-15 Jan, 2026 | 16:08
Rejected At-
▼CVE Numbering Authority (CNA)
GLPI incorrectly authorizes access to documents

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

Affected Products
Vendor
GLPI Projectglpi-project
Product
glpi
Versions
Affected
  • >= 10.0.0, < 10.0.21
  • >= 11.0.0, < 11.0.3
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
CWECWE-639CWE-639: Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-639
Description: CWE-639: Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46
x_refsource_CONFIRM
https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c
x_refsource_MISC
https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27
x_refsource_MISC
https://github.com/glpi-project/glpi/releases/tag/10.0.21
x_refsource_MISC
https://github.com/glpi-project/glpi/releases/tag/11.0.3
x_refsource_MISC
Hyperlink: https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c
Resource:
x_refsource_MISC
Hyperlink: https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27
Resource:
x_refsource_MISC
Hyperlink: https://github.com/glpi-project/glpi/releases/tag/10.0.21
Resource:
x_refsource_MISC
Hyperlink: https://github.com/glpi-project/glpi/releases/tag/11.0.3
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found