CVE-2025-64516

HIGH

GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-64516. PoCs published by ArdNoir.

AI-analyzed exploit summary This PoC exploits an unauthorized document access vulnerability in GLPI (CVE-2025-64516) by bypassing the `Document::canViewFileFromItem()` filter, allowing unauthenticated access to documents attached to any item. The script iterates through document IDs and checks for accessible files based on content type and magic bytes.

Description

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

Exploits (1)

nomisec WORKING POC 1 stars
by ArdNoir · poc
https://github.com/ArdNoir/CVE-2025-64516-POC

This PoC exploits an unauthorized document access vulnerability in GLPI (CVE-2025-64516) by bypassing the `Document::canViewFileFromItem()` filter, allowing unauthenticated access to documents attached to any item. The script iterates through document IDs and checks for accessible files based on content type and magic bytes.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: GLPI versions >= 10.0.0, < 11.0.0 and >= 11.0.0
No auth needed
Prerequisites: Knowledge of a valid `items_id` from a published FAQ or similar item
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.5
EPSS 0.0028
EPSS Percentile 19.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-284 CWE-639
Status published
Products (1)
glpi-project/glpi 10.0.0 - 10.0.21
Published Jan 15, 2026
Tracked Since Feb 18, 2026