CVE-2025-52897 Information

Description

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18 an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-6whm-q2rp-prqm

Related CNNVD

CNNVD-202507-3774 (Published: 2025-07-30)