#VU125058 Server-Side Request Forgery (SSRF) in GLPI - CVE-2025-52567

 


Published: April 7, 2026


Vulnerability identifier: #VU125058
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-52567
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
GLPI
Software vendor:
glpi-project

Description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to server-side request forgery (SSRF) in RSS feeds and external calendar handling in planning when processing user-supplied feed or calendar URLs. A remote user can supply a crafted URL to disclose sensitive information.

The issue is blind in nature and affects the use of RSS feeds or external calendars in planning.
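
An added example, not GLPI's code or the vendor's patch: a Python check that a server could apply to a user-supplied feed or calendar URL before fetching it, rejecting anything that resolves to a non-public address. The function names, the port policy and the sample DNS table are assumptions made for the illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumption: default web ports only

def system_resolver(host, port):  # OS resolver, returns a list of IP strings
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def vet_feed_url(url, resolver=system_resolver):
    """Return (ok, reason, ips) for a user-supplied RSS or calendar URL."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL", []
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed", []
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials", []
    if (port or ALLOWED_PORTS[scheme]) != ALLOWED_PORTS[scheme]:
        return False, "port not allowed", []
    try:
        ips = resolver(parts.hostname, ALLOWED_PORTS[scheme])
    except OSError:
        ips = []
    if not ips:
        return False, "host does not resolve", []
    # Every answer must be public: one internal record is enough to reject.
    for ip in ips:
        if not ipaddress.ip_address(ip.split("%")[0]).is_global:
            return False, "resolves to non-public address " + ip, []
    # Caller should connect to these vetted ips rather than resolve again.
    return True, "ok", ips

# Constructed sample data: these hostnames and answers are made up.
SAMPLE_DNS = {
    "feeds.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
    "mixed.example.org": ["93.184.216.34", "127.0.0.1"],
    "169.254.169.254": ["169.254.169.254"],
}

def sample_resolver(host, port):
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]
```

Because the issue is blind, the fetched body never reaches the requester, so the check has to run before the connection is made rather than on the response.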


Remediation

Install the security update from the vendor's website.
