{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:05:00.525","vulnerabilities":[{"cve":{"id":"CVE-2025-64516","sourceIdentifier":"security-advisories@github.com","published":"2026-01-15T16:16:11.487","lastModified":"2026-01-21T20:53:37.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3."},{"lang":"es","value":"GLPI es un paquete de software gratuito de gestión de activos y TI. Antes de 10.0.21 y 11.0.3, un usuario no autorizado puede acceder a documentos de GLPI adjuntos a cualquier elemento (ticket, activo, ...). Si la FAQ pública está habilitada, este acceso no autorizado puede ser realizado por un usuario anónimo. Esta vulnerabilidad está corregida en 10.0.21 y 11.0.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.21","matchCriteriaId":"71497A1A-8C87-48D5-9BA2-CFFF057BC3A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.3","matchCriteriaId":"A9EA5DDA-E0E7-4530-B266-309AF584D327"}]}]}],"references":[{"url":"https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/glpi-project/glpi/releases/tag/10.0.21","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/glpi-project/glpi/releases/tag/11.0.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}