CVE-2025-24801
Published: 18 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-24801 is a high-severity vulnerability in GLPI, a free asset and IT management software package. It allows an authenticated user to upload and force the execution of arbitrary *.php files on the GLPI server, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The issue carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting significant potential impact across confidentiality, integrity, and availability when exploited.
An attacker with low-privilege authenticated access (PR:L) over the network (AV:N) can exploit this flaw, though it requires high attack complexity (AC:H). Successful exploitation enables arbitrary PHP code execution on the server, potentially granting scope-changed (S:C) high-impact control over the system, including full compromise of the GLPI instance and any associated data or resources.
The vulnerability is addressed in GLPI version 10.0.18, as detailed in the official security advisory at https://github.com/glpi-project/glpi/security/advisories/GHSA-g2p3-33ff-r555. Security practitioners should prioritize upgrading to the patched version and review access controls for authenticated users to mitigate risks.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary PHP file upload and execution on a public-facing GLPI server, directly mapping to web shell deployment (T1505.003) and exploitation of public-facing applications for initial access (T1190).