CVE-2025-52567: GLPI SSRF Vulnerability in RSS and External Calendar Integration
GLPI, a popular open-source IT asset management software, has addressed a Server-Side Request Forgery (SSRF) vulnerability in versions 0.84 through 10.0.18. The flaw could allow an authenticated attacker to make the GLPI server issue requests to internal systems or external resources on their behalf.
Vulnerability Details
- CVE ID: CVE-2025-52567
- Description: GLPI versions 0.84 through 10.0.18 are susceptible to an SSRF vulnerability when handling RSS feeds or external calendar integrations during planning activities. Previous security patches were insufficient for certain specific attack scenarios.
- CVSS Score: 3.5 (LOW)
- CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
- CVSS Explanation: This vulnerability has a low CVSS score due to the high attack complexity and limited impact. The attacker can potentially leak some confidential information (C:L), but there is no impact on integrity (I:N) or availability (A:N). The 'CHANGED' scope (S:C) indicates that exploitation can affect resources beyond the vulnerable component itself, here the systems the GLPI server is made to contact.
- Exploit Requirements: An attacker needs to have low-level privileges within GLPI to exploit this vulnerability. Successful exploitation may require careful crafting of malicious RSS feeds or calendar entries.
- Affected Vendor: GLPI
- Affected Product: GLPI
- Affected Versions: 0.84 through 10.0.18
- CWE: CWE-918 - Server-Side Request Forgery (SSRF). SSRF occurs when a web application allows an attacker to control or modify the destination to which the server sends requests. This can be used to access internal resources, read sensitive data, or perform actions on behalf of the server.
Timeline of Events
- 2025-07-30: CVE-2025-52567 was published.
- 2025-07-30: Security advisory released by GLPI project.
- 2025-07-31: Public awareness and analysis of the vulnerability.
Exploitability & Real-World Risk
An attacker with low-level access to GLPI could exploit this SSRF vulnerability to probe internal network resources. The CVSS score is low, but the real-world risk depends on the internal network configuration and security measures: the flaw could be used to discover internal services, read configuration files, or interact with internal APIs that are not directly exposed to the internet.
Recommendations
- Upgrade to version 10.0.19 or later: The vulnerability is fixed in version 10.0.19. Upgrading is the most effective way to mitigate this risk.
- Review RSS feed and calendar integrations: Carefully examine any RSS feeds or external calendars integrated with GLPI. Ensure that these sources are trusted and do not contain malicious content.
- Implement network segmentation: Segregate the GLPI server from sensitive internal resources to limit the impact of a successful SSRF attack.
- Monitor network traffic: Monitor outbound network traffic from the GLPI server for suspicious activity.
Technical Insight
The vulnerability stems from insufficient validation of URLs provided in RSS feeds and external calendar configurations. An attacker could supply a malicious URL that points to an internal resource, causing the GLPI server to make a request on their behalf. The updated version of GLPI likely includes improved URL validation and sanitization to prevent SSRF attacks.
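As an added defensive illustration (not GLPI's own code), the kind of destination check an RSS or calendar fetcher needs before contacting a user-supplied URL: only http/https, no embedded credentials, the host is resolved and every resulting address must be globally routable. The `resolver` parameter and `fake_resolver` helper are assumptions so the check can be exercised offline; the sample hosts and addresses are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip_text: str) -> bool:
    """True only for globally routable addresses (rejects RFC 1918, loopback,
    link-local, multicast, documentation and unspecified ranges)."""
    addr = ipaddress.ip_address(ip_text.split("%")[0])   # drop IPv6 zone id
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped     # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return addr.is_global


def validate_feed_url(url: str, resolver=socket.getaddrinfo):
    """Return (ok, reason, addresses). A safe fetcher connects only to the
    returned addresses and re-runs this check on every HTTP redirect, so a
    later DNS answer or a redirect cannot swap in an internal destination."""
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    host = parsed.hostname
    if not host:
        return False, "missing host", []
    if parsed.username or parsed.password:
        return False, "credentials in URL", []
    port = parsed.port or (443 if scheme == "https" else 80)
    try:
        ipaddress.ip_address(host)          # literal IP: judge it directly, no DNS
        addresses = [host]
    except ValueError:
        try:
            infos = resolver(host, port, 0, socket.SOCK_STREAM)
        except OSError:
            return False, "name resolution failed", []
        addresses = sorted({info[4][0] for info in infos})
    if not addresses:
        return False, "no addresses", []
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        return False, f"resolves to non-public address {bad[0]}", []
    return True, "ok", addresses


def fake_resolver(table):
    """Constructed offline stand-in for socket.getaddrinfo (assumption)."""
    def resolve(host, port, *args):
        if host not in table:
            raise socket.gaierror("constructed: name not found")
        return [(None, None, None, "", (ip, port)) for ip in table[host]]
    return resolve
```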
Credit to Researcher(s)
This vulnerability was reported through the GLPI project's security advisory program.
Summary: GLPI versions 0.84 through 10.0.18 are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of URLs in RSS feeds and external calendars. Upgrade to version 10.0.19 to remediate this security flaw.
CVE ID: CVE-2025-52567
Risk Analysis: Successful exploitation could lead to information disclosure, internal network reconnaissance, or potential abuse of internal APIs.
Recommendation: Upgrade to GLPI version 10.0.19 or later. Review and validate RSS feed and calendar integrations. Implement network segmentation to limit the impact of potential SSRF attacks.
Timeline
- 2025-07-30: CVE-2025-52567 Published
- 2025-07-30: GLPI Security Advisory Released