{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T03:03:33.403","vulnerabilities":[{"cve":{"id":"CVE-2025-52567","sourceIdentifier":"security-advisories@github.com","published":"2025-07-30T14:15:28.193","lastModified":"2025-08-04T18:54:47.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19."},{"lang":"es","value":"GLPI es un paquete gratuito de software de gestión de activos y TI, que permite la gestión de centros de datos, la mesa de ayuda ITIL, el seguimiento de licencias y la auditoría de software. En las versiones 0.84 a 10.0.18, el uso de fuentes RSS o calendarios externos durante la planificación está sujeto a vulnerabilidades SSRF. Los parches de seguridad anteriores, desde GLPI 10.0.4, no eran lo suficientemente robustos para ciertos casos específicos. Esto se ha corregido en la versión 10.0.19."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionStartIncluding":"0.84","versionEndExcluding":"10.0.19","matchCriteriaId":"E4BD4507-6885-4C92-81BB-2A5CD14455C8"}]}]}],"references":[{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-5mp6-mgmh-vrq7","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}