Security Advisory

CVE-2025-66417

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-15 16:25:03
Last updated 2026-01-15 16:45:31
Assigner GitHub_M
State PUBLISHED

Description

GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.