
CVE-2025-32786: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi-inventory-plugin

Severity: High
Tags: vulnerability, CVE-2025-32786, CWE-89
Published: Tue Nov 04 2025 (11/04/2025, 20:18:43 UTC)
Source: CVE Database V5
Vendor/Project: glpi-project
Product: glpi-inventory-plugin

Description

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.

AI-Powered Analysis

Last updated: 11/04/2025, 20:30:28 UTC

Technical Analysis

CVE-2025-32786 identifies a critical SQL Injection vulnerability in the GLPI Inventory Plugin, a component of the GLPI project used for network discovery, inventory tracking, software deployment, and data collection from GLPI agents. Versions 1.5.0 and earlier fail to properly sanitize or neutralize special characters in SQL commands, classified under CWE-89. This improper input validation allows remote attackers to inject malicious SQL code directly into database queries without requiring authentication or user interaction. The vulnerability is remotely exploitable over the network (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is primarily on confidentiality (C:H), as attackers can extract sensitive information from the backend database, but it does not affect integrity or availability. The vulnerability was reserved in April 2025 and published in November 2025, with no known public exploits reported to date. The fix is available in GLPI Inventory Plugin version 1.5.1, which properly sanitizes inputs to prevent injection. Organizations using affected versions should upgrade promptly to avoid potential data breaches. The plugin’s role in managing IT assets and software deployments makes this vulnerability particularly concerning for environments where GLPI is integrated into critical infrastructure management workflows.
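To make the CWE-89 point concrete, the following is an added example (not code from the GLPI Inventory Plugin, whose schema, query and affected parameter this page does not describe). It builds a constructed in-memory SQLite table and contrasts a query that concatenates untrusted input into SQL with the two standard fixes: a bound parameter, and allow-list validation of a numeric id. The table and agent names are invented for the illustration.

```python
"""CWE-89 illustrated with SQLite: string-built query versus parameterized query.

Added example; not the plugin's own code. The 'agents' table and its rows are
constructed here so the script runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for an inventory table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE agents (id INTEGER PRIMARY KEY, name TEXT, token TEXT)")
    conn.executemany(
        "INSERT INTO agents (name, token) VALUES (?, ?)",
        [("agent-a", "tok-a"), ("agent-b", "tok-b"), ("agent-c", "tok-c")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input is pasted into the statement text: this is CWE-89.
    # A quote in 'name' ends the literal and the rest is parsed as SQL.
    sql = f"SELECT name FROM agents WHERE name = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the value travels separately from the statement,
    # so quotes inside it are data and never change the query's structure.
    rows = conn.execute(
        "SELECT name FROM agents WHERE name = ? ORDER BY id", (name,)
    )
    return [row[0] for row in rows]


def is_valid_id(raw_id: str) -> bool:
    # Allow-list check for identifiers that must be non-negative integers.
    return raw_id.isdigit()


def lookup_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    # Validate first, then still bind the value rather than interpolating it.
    if not is_valid_id(raw_id):
        raise ValueError("id must be a non-negative integer")
    rows = conn.execute("SELECT name FROM agents WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # classic textbook input used only to show the difference
    print("vulnerable    :", lookup_vulnerable(db, probe))     # every row leaks
    print("parameterized :", lookup_parameterized(db, probe))  # no row matches
    print("by id         :", lookup_by_id(db, "2"))
```

Running the script shows the string-built query returning every agent for an input that should match nothing, while the parameterized form returns an empty list for the same input; this is the behavioural difference the 1.5.1 fix restores for the affected query.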

Potential Impact

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive IT asset and network inventory data managed via GLPI. Unauthorized access to such data can lead to further targeted attacks, espionage, or compliance violations under regulations such as GDPR. Since the vulnerability allows remote exploitation without authentication, attackers can potentially access internal network information, software deployment details, and other sensitive metadata. This exposure could facilitate lateral movement within networks or aid in crafting more sophisticated attacks. Public sector entities and large enterprises that rely heavily on GLPI for asset management are at higher risk, potentially impacting operational security and trust. Although the vulnerability does not directly affect data integrity or system availability, the confidentiality breach alone can have severe reputational and regulatory consequences. The absence of known exploits in the wild provides a window for proactive mitigation, but the ease of exploitation and high CVSS score underscore the urgency for patching.

Mitigation Recommendations

1. Immediately upgrade the GLPI Inventory Plugin to version 1.5.1 or later, where the SQL Injection vulnerability is patched.
2. Conduct a thorough audit of all GLPI installations across the organization to identify and remediate any instances running vulnerable versions.
3. Implement strict database access controls and least privilege principles to limit the potential damage from any successful injection attempts.
4. Enable and monitor detailed logging of database queries and application logs to detect anomalous or suspicious SQL activity indicative of exploitation attempts.
5. Employ Web Application Firewalls (WAFs) with rules tailored to detect and block SQL Injection patterns targeting GLPI endpoints.
6. Regularly review and update security policies around third-party plugins and extensions to ensure timely patching and vulnerability management.
7. Educate IT and security teams about the risks associated with SQL Injection and the importance of input validation and patch management in GLPI environments.
8. Consider network segmentation to isolate GLPI servers from critical infrastructure to reduce attack surface exposure.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-04-10T12:51:12.280Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690a624d4499e136c2117c7a

Added to database: 11/4/2025, 8:30:05 PM

Last enriched: 11/4/2025, 8:30:28 PM

Last updated: 11/5/2025, 12:52:24 AM

Views: 5
