CVE-2025-27153

Escalade GLPI Plugin Vulnerable to Improper Access Control

CVSS 6.5 MEDIUMEPSS 0.2%CWE-284

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

pluginsGLPI · escalade

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11 https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9