CVE-2025-32786: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi-inventory-plugin
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
AI Analysis
Technical Summary
The GLPI Inventory Plugin, part of the GLPI project, provides network discovery, asset inventory, software deployment, and data collection from GLPI agents. Versions 1.5.0 and earlier contain a SQL Injection vulnerability tracked as CVE-2025-32786 (CWE-89): special characters in user-supplied input are not neutralized before the input is used in an SQL command, so an attacker can change the structure of the query rather than merely its data. The flaw is exploitable remotely over the network without authentication or user interaction. Successful exploitation lets an attacker read sensitive data from the backend database; the vulnerability affects confidentiality only, not data integrity or system availability. It was publicly disclosed on November 4, 2025, with a CVSS v3.1 base score of 7.5 (high severity). The vendor fixed the issue in version 1.5.1 by correcting input validation and query parameterization. No active exploitation has been reported, but the low barrier to exploitation makes this a significant risk for organizations that rely on the GLPI Inventory Plugin for IT asset management: an attacker could obtain inventory data that exposes internal network details and software deployment information useful for further attacks.
Potential Impact
For European organizations, the impact of CVE-2025-32786 is substantial because of the potential exposure of sensitive inventory and network data. A confidentiality breach could leak internal asset details, software versions, and network topology, which adversaries can use to plan targeted attacks or lateral movement within the network. Although the vulnerability does not directly affect data integrity or availability, the loss of confidentiality alone can undermine trust, violate data protection regulations such as GDPR, and cause operational disruption if combined with other vulnerabilities. Organizations in sectors with stringent compliance requirements, or those managing critical infrastructure, are particularly exposed. Because exploitation is remote and requires no authentication, widespread scanning and automated attacks are likely. Failure to patch promptly could result in data exfiltration incidents, regulatory penalties, and reputational damage.
Mitigation Recommendations
European organizations should immediately upgrade the GLPI Inventory Plugin to version 1.5.1 or later to remediate the SQL Injection vulnerability. In addition to patching, organizations should implement the following measures:
1) Audit database access logs and GLPI plugin usage to detect anomalous queries or unauthorized access attempts.
2) Deploy web application firewalls (WAFs) with SQL Injection detection rules tuned to GLPI plugin traffic to block exploitation attempts.
3) Restrict the database account used by GLPI to the minimum privileges it needs, limiting the damage a successful injection can do.
4) Regularly review and update input validation and sanitization practices in custom GLPI extensions or integrations.
5) Monitor threat intelligence feeds for emerging exploit code or attack campaigns targeting this vulnerability.
6) Brief IT and security teams on the specifics of the vulnerability and ensure incident response plans cover SQL Injection incidents.
These targeted actions reduce the attack surface and improve detection and response capabilities beyond generic patching advice.
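The advisory does not publish the vulnerable code path, so the following is an added, generic illustration of the CWE-89 defect class and of the two fixes the analysis names (query parameterization for values, input validation for the parts of a statement that cannot be bound). It is not GLPI or plugin code; the `assets` table, its rows, the `SORTABLE_COLUMNS` allow-list and the test inputs are all constructed for this example. It uses Python's standard `sqlite3` module so it runs offline.

```python
"""Added example (not GLPI code): the CWE-89 pattern behind CVE-2025-32786 in
general form, with the vulnerable query beside its hardened version."""
import sqlite3

# Constructed sample data: nothing here comes from a real GLPI database.
SAMPLE_ASSETS = [
    ("ws-0001", "10.0.0.11", "workstation"),
    ("srv-db01", "10.0.0.50", "server"),
    ("srv-ad01", "10.0.0.51", "server"),
]

# Columns a caller may sort by. Identifiers cannot be bound as query
# parameters, so they are validated against this allow-list instead.
SORTABLE_COLUMNS = frozenset({"name", "ip", "kind"})


def make_db() -> sqlite3.Connection:
    """Create an in-memory inventory table (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE assets (name TEXT, ip TEXT, kind TEXT)")
    conn.executemany("INSERT INTO assets VALUES (?, ?, ?)", SAMPLE_ASSETS)
    return conn


def find_assets_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """CWE-89: the caller's input is spliced into the SQL text. A value that
    contains a quote changes the structure of the statement instead of
    being treated as data."""
    sql = "SELECT name, ip, kind FROM assets WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_assets_hardened(conn: sqlite3.Connection, name: str,
                         order_by: str = "name") -> list:
    """Fix: the value is bound as a parameter, so the driver never lets it
    alter the statement; the sort column is checked against an allow-list
    because identifiers cannot be parameterized."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT name, ip, kind FROM assets WHERE name = ? ORDER BY {order_by}"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both variants on a benign input and on a constructed input that
    contains a quote, and report how many rows each returns."""
    conn = make_db()
    benign = "ws-0001"
    # Constructed test input: closes the string literal and appends a
    # condition that is always true. Only the vulnerable variant honours it;
    # the hardened variant compares the whole string as data and matches nothing.
    crafted = "' OR '1'='1"
    return {
        "benign_vulnerable": len(find_assets_vulnerable(conn, benign)),
        "benign_hardened": len(find_assets_hardened(conn, benign)),
        "crafted_vulnerable": len(find_assets_vulnerable(conn, crafted)),
        "crafted_hardened": len(find_assets_hardened(conn, crafted)),
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key}: {rows} row(s)")
```

With the constructed input the vulnerable function returns every row in the table (3), while the hardened function returns none, which is the confidentiality-only impact the advisory describes: the attacker reads data they should not see without modifying anything. Pairing the parameterized query with a least-privilege database account (recommendation 3 above) bounds what such a read can reach even if another injection point is later found.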
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-04-10T12:51:12.280Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 690a624d4499e136c2117c7a
Added to database: 11/4/2025, 8:30:05 PM
Last enriched: 11/11/2025, 8:58:16 PM
Last updated: 12/17/2025, 6:09:45 PM
Views: 66