CVE-2025-52567: CWE-918: Server-Side Request Forgery (SSRF) in glpi-project glpi
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19.
AI Analysis
Technical Summary
CVE-2025-52567 is a Server-Side Request Forgery (SSRF) vulnerability in GLPI, a widely used free asset and IT management solution covering data center management, ITIL service desk operations, license tracking, and software auditing. It affects GLPI versions from 0.84 up to but not including 10.0.19. The flaw is triggered when GLPI fetches RSS feeds or external calendar data for its planning features, i.e. when the server retrieves a configured feed or calendar URL. Security patches shipped since version 10.0.4 narrowed the issue but did not cover certain specific cases, so the flaw remained exploitable until it was properly fixed in version 10.0.19. SSRF lets an attacker induce the server to issue HTTP requests to internal or external resources of the attacker's choosing, which can bypass firewall restrictions and reach internal services or cloud metadata endpoints that the attacker could not contact directly. Here the vulnerability is exploitable over the network without user interaction but requires low privileges on the GLPI instance. The CVSS 3.1 base score is 3.5 (low severity), reflecting an impact limited to confidentiality with no direct impact on integrity or availability; attack complexity is rated high and some privileges are required, which further reduces the overall risk. No exploits in the wild were reported as of the publication date. Scope is changed, meaning the consequences extend beyond the vulnerable GLPI component to the other systems the server can be made to contact. The weakness is classified under CWE-918 (SSRF).
Potential Impact
For European organizations, the impact of this SSRF vulnerability in GLPI could be significant depending on the deployment context. GLPI is commonly used in IT asset management and service desk environments and is often integrated with internal networks and sensitive infrastructure. Exploitation could allow an attacker with low privileges to make the GLPI server issue unauthorized HTTP requests to internal services that are otherwise unreachable from outside. This could disclose information such as internal IP addresses, responses from cloud metadata services, or data from other sensitive internal endpoints. While the vulnerability does not directly allow code execution or denial of service, the information gained could be leveraged for further attacks or lateral movement within the network. European organizations whose GLPI deployments integrate external feeds or calendars are particularly at risk if they have not upgraded to version 10.0.19 or later. The risk is heightened where GLPI servers have network access to critical internal systems or cloud metadata endpoints. Given the low CVSS score, the immediate risk is moderate, but the potential for chained attacks means organizations should treat this vulnerability seriously.
Mitigation Recommendations
1. Immediate upgrade to GLPI version 10.0.19 or later, where the SSRF vulnerability is fully patched, is the most effective mitigation.
2. Restrict network access from the GLPI server to only necessary external and internal resources using firewall rules or network segmentation to limit the impact of potential SSRF exploitation.
3. Disable or limit the use of external RSS feeds and calendar integrations if not essential, or validate and sanitize all external URLs before processing.
4. Implement strict input validation and output encoding on all user-supplied URLs or data that GLPI processes for planning features.
5. Monitor GLPI server logs for unusual outbound HTTP requests that could indicate exploitation attempts.
6. Apply the principle of least privilege to GLPI user accounts to minimize the risk posed by low-privilege attackers.
7. Conduct regular vulnerability scans and penetration tests focusing on SSRF and related web application vulnerabilities in GLPI deployments.
8. If possible, deploy Web Application Firewalls (WAFs) with rules to detect and block SSRF patterns targeting GLPI endpoints.
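A pre-fetch URL check of the kind recommendations 3 and 4 call for, written here as an added Python example; it is not GLPI's code (GLPI is PHP) and does not reproduce the fix shipped in 10.0.19. The function names `check_feed_url` and `is_nonpublic`, the host names, and the resolver answers in the test are constructed for this illustration.

```python
import ipaddress
import socket
from typing import Callable, Set, Tuple, Union
from urllib.parse import urlsplit

Addr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
ALLOWED_SCHEMES = {"http", "https"}  # feed/calendar fetches need nothing else
ALLOWED_PORTS = {80, 443}

def is_nonpublic(ip: Addr) -> bool:
    """True for any address a server-side feed fetch must never reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local  # 169.254.169.254
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def system_resolve(host: str) -> Set[Addr]:
    """Collect every A/AAAA answer so a single bad record blocks the URL."""
    return {ipaddress.ip_address(ai[4][0]) for ai in socket.getaddrinfo(host, None)}

def check_feed_url(url: str, resolve: Callable[[str], Set[Addr]] = system_resolve
                   ) -> Tuple[bool, str]:
    """Return (allowed, reason) for a user-supplied RSS/calendar URL.
    Re-run on every redirect target, and make the fetcher connect to an address
    approved here rather than re-resolving, or a changing DNS answer bypasses it.
    """
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "unparseable URL or port"
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme not allowed or host missing: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    try:  # a literal address (including bracketed IPv6) needs no DNS lookup
        addrs = {ipaddress.ip_address(parts.hostname)}
    except ValueError:
        try:
            addrs = resolve(parts.hostname)
        except OSError:  # socket.gaierror is an OSError
            return False, "DNS resolution failed"
    bad = sorted(str(ip) for ip in addrs if is_nonpublic(ip))
    if bad or not addrs:
        return False, "non-public or no address: %s" % ", ".join(bad)
    return True, "ok"
```

The same `is_nonpublic` test applied to the destination hosts in egress or proxy logs gives the outbound-request monitoring of recommendation 5.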
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-18T03:55:52.036Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 688a2991ad5a09ad00a671ac
Added to database: 7/30/2025, 2:17:53 PM
Last enriched: 7/30/2025, 2:33:16 PM
Last updated: 7/31/2025, 2:13:44 AM