CVE-2026-25937

Published: Mar 18, 2026 Last Modified: Mar 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.

287

Improper Authentication

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

Likelihood of Exploit: High

View CWE Details

https://github.com/glpi-project/glpi/security/advisories/GH…

https://github.com/glpi-project/glpi/security/advisories/GHSA-2g3p-vwp2-7qxm

CVE-2026-25937

Description

Improper Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter