CVE-2025-53008
GLPI's MailCollector Receiver is vulnerable to credential exfiltration
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver credentials. This is fixed in version 10.0.19.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
glpi-project · glpi¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →