CVE-2025-53008
GLPI's MailCollector Receiver is vulnerable to credential exfiltration
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver credentials. This is fixed in version 10.0.19.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
glpi-project · glpiQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →