CVE-2025-27153 is an improper access control vulnerability identified in the escalade plugin for GLPI, a widely used open-source IT asset management and service desk software. The escalade plugin facilitates ticket escalation processes within GLPI. Versions prior to 2.9.11 of this plugin contain a flaw where access controls are insufficiently enforced, allowing unauthorized users to potentially access or manipulate escalation workflows and associated data. This vulnerability stems from CWE-284, which relates to improper access control mechanisms that fail to restrict user privileges appropriately. Exploiting this vulnerability does not require authentication or user interaction, and can be performed remotely over the network (AV:N, PR:N, UI:N). The impact includes limited confidentiality and integrity breaches, such as unauthorized exposure of ticket data and disruption of ticket escalation workflows, which could affect incident response and IT service management processes. The vulnerability has been addressed in escalade plugin version 2.9.11, and users are advised to upgrade to this or later versions to mitigate the risk. No known exploits are currently reported in the wild, but the medium CVSS score (6.5) indicates a moderate risk that should be taken seriously, especially in environments relying heavily on GLPI for critical IT operations.

For European organizations, this vulnerability poses a risk to the confidentiality and integrity of IT service management data. Unauthorized access to ticket escalation processes can lead to exposure of sensitive information, such as incident details, user data, or internal workflows. Disruption of escalation workflows may delay incident resolution, impacting operational continuity and service levels. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, could face compliance issues if sensitive data is exposed. Additionally, the disruption of IT service management workflows could indirectly affect business operations and customer satisfaction. Given GLPI's adoption in various European public and private sectors, the vulnerability could have a broad impact if left unpatched, particularly in organizations that have not implemented strict network segmentation or additional access controls around their GLPI instances.

To mitigate this vulnerability, European organizations should immediately upgrade the escalade plugin to version 2.9.11 or later. Beyond patching, organizations should implement strict network segmentation to limit access to GLPI servers, ensuring that only authorized personnel and systems can communicate with the ticketing system. Employing multi-factor authentication (MFA) for GLPI access can reduce the risk of unauthorized use. Regularly auditing user permissions and roles within GLPI and its plugins will help detect and prevent privilege escalation attempts. Monitoring GLPI logs for unusual access patterns or failed access attempts can provide early detection of exploitation attempts. Additionally, organizations should consider deploying web application firewalls (WAFs) with rules tailored to detect and block suspicious requests targeting GLPI endpoints. Finally, maintaining an up-to-date inventory of GLPI versions and plugins across the enterprise will facilitate timely patch management.