CVE-2025-25192 Information

Description

GLPI is a free asset and IT management software package. Prior to version 10.0.18 a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround one may delete the install/update.php file.

Reference

https://github.com/glpi-project/glpi/releases/tag/10.0.18 https://github.com/glpi-project/glpi/security/advisories/GHSA-86cx-hcfc-8mm8