CVE-2025-27147 · HIGH 8.2 · EPSS p29.7%

Description

The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
EPSS: 0.38% probability of exploitation · percentile 29.7% · 2026-06-19T12:03:05Z
Published: 2025-03-25
Last modified: 2026-04-15

Underlying weaknesses · 3

CWE-22, CWE-73, CWE-552

References

  1. https://github.com/glpi-project/glpi-inventory-plugin/commit/aaeb26d98d07019375c25b56e60fffc195553545
  2. https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-h6x9-jm98-cw7c

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live |
| Weakness | Files or Directories Accessible to External Parties (cwe-552) | 0% | live |
| Weakness | External Control of File Name or Path (cwe-73) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-26001
  2. CVE-2025-66417
  3. CVE-2025-24799
  4. CVE-2026-29047
  5. CVE-2025-24801
  6. CVE-2025-21619

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.