CNNVD-202507-3775 Information

CNNVD ID

CNNVD-202507-3775

Related CVE

CVE-2025-53008

• CNNVD Published: 2025-07-30

Description (Chinese)

GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口，你可以用它来建立数据库全面管理IT的电脑，显示器，服务器，打印机，网络设备，电话，甚至硒鼓和墨盒等。 GLPI 9.3.1至10.0.19版本存在安全漏洞，该漏洞源于连接用户使用恶意有效载荷，可能导致窃取邮件接收者凭据。

Description (English)

GLPI is an open-source IT and asset management software for GLPI. The software provides a fully functional IT resource management interface, which you can use to create a database that fully manages IT computers, monitors, servers, printers, network equipment, telephones, even selenium drums and cartridges. There is a security loophole in GLPI versions 9.3.1 to 10.0.19, which arises from the use of malicious payloads by connectors and may lead to the theft of documents from mail recipients.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GLPI

Published

2025-07-30

Last Modified

2026-02-24

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-52h8-76ph-4j9q

Patch

https://glpi-project.org/downloads/