CVE-2025-25192: 
GLPI vulnerability analysis and mitigation

GLPI, a free asset and IT management software package, was found to contain a security vulnerability (CVE-2025-25192) that affects versions prior to 10.0.18. The vulnerability was discovered and disclosed on February 25, 2025, allowing low-privileged users to enable debug mode and access sensitive information (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low-level privileges, requires no user interaction, has unchanged scope, and can result in high confidentiality impact without affecting integrity or availability (GitHub Advisory).

The vulnerability allows low-privileged users to enable debug mode, which can lead to unauthorized access to sensitive information. The confidentiality impact is rated as high, though there are no direct impacts on system integrity or availability (GitHub Advisory).

The vulnerability has been patched in GLPI version 10.0.18. As a workaround, administrators can delete the install/update.php file if immediate updating is not possible (GitHub Release, GitHub Advisory).