Cyber Security News

GLPI Open-source ITSM Tool Vulnerability Let Attackers Inject Malicious SQL Queries

A high-severity vulnerability in GLPI, a widely used open-source IT Service Management (ITSM) platform, tracked as CVE-2025-24799, enables unauthenticated attackers to perform SQL injection through the native inventory endpoint.

Depending on the privileges of the database account and the server configuration, the flaw can be chained to remote code execution (RCE), potentially resulting in a complete compromise of the affected ITSM platform.

The vulnerability affects GLPI versions 10.0.0 through 10.0.17.

Organizations utilizing this popular asset management solution are strongly advised to update immediately to version 10.0.18, which contains the necessary security patches.

CVE-2025-24799 – SQL injection vulnerability in GLPI

The vulnerability stems from inadequate sanitization of request-controlled values that are used to build SQL queries in GLPI's agent handling code, specifically the handleAgent function located in /src/Agent.php.

This component, which processes inventory submissions from agents, handles HTTP requests without proper validation, so data chosen by the sender can alter the SQL statements GLPI executes.

A typical attack sequence involves:

  • The attacker sends a crafted HTTP request to the inventory endpoint; no session or credentials are needed.
  • The unsanitized value is spliced into a query string and executed by the database engine.
  • The injected SQL runs with the privileges of GLPI's database account, so it can read and modify any table that account can reach.
  • Depending on the database privileges and server configuration, this can be extended to code execution on the host.
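The sequence above, as an added example that is not GLPI's own code and does not reproduce the real handleAgent logic: an agent-supplied identifier is spliced into a query (the injectable pattern), beside the parameterized form that fixes it. sqlite3 stands in for MariaDB/MySQL; the table and column names (agents, deviceid, users, password_hash), the JSON request shape and the sample rows are all assumptions constructed for the illustration.

```python
"""Added example (not GLPI's own code): an unauthenticated SQL injection in an
agent/inventory-style handler, and the parameterized fix.

sqlite3 stands in for MariaDB/MySQL. Table/column names, the request shape and
all rows are constructed for illustration and are not taken from GLPI.
"""
import json
import sqlite3


def make_db():
    """In-memory database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE agents (id INTEGER PRIMARY KEY, deviceid TEXT, name TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
        INSERT INTO agents (deviceid, name) VALUES ('host-a-2025-01-01', 'host-a');
        INSERT INTO users  (name, password_hash) VALUES ('glpi', '$2y$10$constructed-hash');
    """)
    return conn


def handle_agent_vulnerable(conn, request_body):
    """Unsafe pattern: the agent-supplied deviceid becomes part of the SQL text.

    The request needs no authentication, so whoever can reach the endpoint
    controls the statement the database runs.
    """
    deviceid = json.loads(request_body)["deviceid"]
    sql = f"SELECT id, name FROM agents WHERE deviceid = '{deviceid}'"
    return conn.execute(sql).fetchall()


def handle_agent_fixed(conn, request_body):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    deviceid = json.loads(request_body)["deviceid"]
    sql = "SELECT id, name FROM agents WHERE deviceid = ?"
    return conn.execute(sql, (deviceid,)).fetchall()


# Constructed request bodies: one from a legitimate agent, one crafted to
# close the string literal and UNION in credential data from another table.
LEGIT_REQUEST = json.dumps({"deviceid": "host-a-2025-01-01"})
CRAFTED_REQUEST = json.dumps(
    {"deviceid": "' UNION SELECT id, password_hash FROM users -- "}
)


def demo():
    """Run both handlers against both requests and return the rows each yields."""
    conn = make_db()
    return {
        "legit_vulnerable": handle_agent_vulnerable(conn, LEGIT_REQUEST),
        "legit_fixed": handle_agent_fixed(conn, LEGIT_REQUEST),
        "crafted_vulnerable": handle_agent_vulnerable(conn, CRAFTED_REQUEST),
        "crafted_fixed": handle_agent_fixed(conn, CRAFTED_REQUEST),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The crafted body turns the lookup into `... WHERE deviceid = '' UNION SELECT id, password_hash FROM users -- '`, so the vulnerable handler returns a password hash where it should return an agent row, while the parameterized handler simply finds no agent with that literal deviceid. Stacked statements and MySQL-specific file writes (the usual route from SQL injection to code execution) are not reproduced here because sqlite3 refuses multiple statements per call.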

This vulnerability is particularly dangerous because it requires no authentication, giving anyone who can reach an internet-exposed GLPI instance a direct path to its database.

Exploitation allows unauthorized reading and modification of the data GLPI stores, and, under certain conditions, can be extended to writing and executing code on the server. The typical conditions are a database account that holds file-write privileges with the server configured to allow writes into a web-served directory, or data tampering that can then be leveraged against GLPI's own authenticated features.

Given that successful exploitation lets remote attackers run arbitrary SQL statements against the backend database without credentials, the vulnerability is rated "High" severity.

The vulnerability was discovered and reported by Lexfo security researchers. 

The summary of the vulnerability is given below:

Risk Factors            Details
Affected Products       GLPI versions 10.0.0 to 10.0.17
Impact                  Unauthenticated SQL injection; remote code execution (RCE) under certain conditions
Exploit Prerequisites   GLPI instance exposed to the internet; native inventory feature enabled (typically default)
CVSS 3.1 Score          7.5 (High)

Mitigation Recommendations

Security experts recommend immediate implementation of the following measures:

  • Update to GLPI version 10.0.18 as soon as possible.
  • Restrict network access to GLPI, and in particular to the inventory endpoint, so that only known agent sources can reach it.
  • Monitor web server and database logs for requests to the inventory endpoint from unexpected sources or that produce server errors.
  • Conduct security audits of GLPI deployments, including the privileges granted to GLPI's database account.
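One way to act on the monitoring and access-restriction points, as an added example that is not from the article or from the GLPI project: scan web server access logs for requests to the inventory endpoint that do not originate from the networks where inventory agents live, or that end in a server error. The log lines are constructed samples in Apache combined format; the endpoint paths (/front/inventory.php and an /inventory alias) and the agent network 10.0.5.0/24 are assumptions for this illustration and should be replaced with the paths and ranges of the deployment being checked.

```python
"""Added example (not from the article or from GLPI): flag inventory-endpoint
requests from outside the agent networks, or that produced a 5xx.

Log lines are constructed samples. The endpoint paths and agent networks are
assumptions; adjust them to the deployment being monitored.
"""
import ipaddress
import re

# Constructed Apache combined-format lines, not real traffic.
SAMPLE_LOG = """\
10.0.5.21 - - [28/Oct/2025:09:12:01 +0000] "POST /front/inventory.php HTTP/1.1" 200 512 "-" "GLPI-Agent/1.11"
203.0.113.45 - - [28/Oct/2025:09:12:07 +0000] "POST /front/inventory.php HTTP/1.1" 500 215 "-" "python-requests/2.32"
10.0.5.22 - - [28/Oct/2025:09:12:09 +0000] "POST /inventory HTTP/1.1" 200 498 "-" "GLPI-Agent/1.11"
203.0.113.45 - - [28/Oct/2025:09:12:11 +0000] "POST /front/inventory.php HTTP/1.1" 500 215 "-" "python-requests/2.32"
192.0.2.9 - - [28/Oct/2025:09:13:40 +0000] "GET /front/central.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Assumed inventory endpoint paths for this example.
INVENTORY_PATHS = ("/front/inventory.php", "/inventory")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_inventory_requests(log_text, agent_networks):
    """Return inventory-endpoint requests worth a look, each with a reason.

    A request is flagged when its source lies outside every allowed agent
    network, or when it ended in a 5xx (malformed or injected payloads often
    surface as server errors before anything else does).
    """
    nets = [ipaddress.ip_network(n) for n in agent_networks]
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if path not in INVENTORY_PATHS:
            continue
        src = ipaddress.ip_address(rec["ip"])
        reasons = []
        if not any(src in net for net in nets):
            reasons.append("source outside agent networks")
        if rec["status"].startswith("5"):
            reasons.append("server error")
        if reasons:
            flagged.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "status": rec["status"],
                "ua": rec["ua"],
                "reasons": reasons,
            })
    return flagged


if __name__ == "__main__":
    for hit in flag_inventory_requests(SAMPLE_LOG, ["10.0.5.0/24"]):
        print(hit)
```

Access logs only carry the request line, so this catches unexpected sources and error bursts, not the injected SQL itself; for payload-level inspection, enable request body logging or a WAF in front of the endpoint, and correlate with the database's error log.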

Organizations using GLPI should prioritize this update to protect critical IT assets and sensitive information from this significant security threat.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
