
CVE-2025-53008: CWE-522: Insufficiently Protected Credentials in glpi-project glpi

Medium
Tags: Vulnerability, CVE-2025-53008, cve, cwe-522
Published: Wed Jul 30 2025 (07/30/2025, 14:09:58 UTC)
Source: CVE Database V5
Vendor/Project: glpi-project
Product: glpi

Description

GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. In versions from 9.3.1 up to but not including 10.0.19, a connected user can use a malicious payload to steal mail receiver credentials. This is fixed in version 10.0.19.

AI-Powered Analysis

Last updated: 07/30/2025, 14:32:53 UTC

Technical Analysis

CVE-2025-53008 is a medium-severity vulnerability in GLPI (Gestionnaire Libre de Parc Informatique), affecting versions from 9.3.1 up to but not including 10.0.19. GLPI is an open-source IT asset and service management tool widely used for ITIL service desk functions, license tracking and software auditing. The weakness is classified as CWE-522 (Insufficiently Protected Credentials). In GLPI terminology, mail receivers are the mailboxes (IMAP or POP accounts) that GLPI polls in order to turn incoming email into tickets, and the credentials for those mailboxes are stored in the application's configuration. An authenticated user can submit a malicious payload that causes those stored credentials to be disclosed, handing the attacker the mailbox account itself and, through it, anything that account can read or send. The CVSS 3.1 metrics reported are network-reachable (AV:N), low attack complexity (AC:L), no user interaction (UI:N), high confidentiality impact (C:H) and no integrity or availability impact (I:N/A:N). With those metrics the published base score of 6.5 is obtained only with low privileges required (PR:L) and unchanged scope (S:U); PR:N would score 7.5 and PR:H 4.9, so the score itself confirms that the precondition is an ordinary authenticated GLPI session rather than anonymous access. The fix shipped in GLPI 10.0.19. No exploitation in the wild had been reported as of publication. The medium rating reflects that an existing account is needed, but the payoff is a working mail credential that can support password-reset interception, lateral movement and data exfiltration within the organization.

Potential Impact

For European organizations running GLPI from 9.3.1 up to but not including 10.0.19, the direct impact is loss of confidentiality of the mailbox credentials configured in GLPI's mail receivers. Those mailboxes are normally the service desk's ticket intake addresses, so a stolen credential lets an attacker read incoming support mail (which routinely carries password-reset links, attachments and internal contact details), send mail as the helpdesk, and pivot into email-based workflows such as account recovery and approval requests. The consequences are most serious for organizations in finance, healthcare and government, where GDPR and sector rules impose strict confidentiality obligations on exactly that data. Exploitation requires an authenticated GLPI account, which confines the attacker population to insiders and to anyone who has already phished or otherwise obtained a user's credentials; given how many staff typically hold low-privilege accounts on a helpdesk portal, that is not a strong barrier. No exploitation in the wild was known at publication, but public disclosure of a credential-disclosure flaw in a widely deployed product is commonly followed by exploit development, so the absence of reports should not be read as absence of risk.

Mitigation Recommendations

Upgrade every GLPI instance to 10.0.19 or later; that is the only fix. After upgrading, rotate the password of every mailbox configured under the mail receivers, since a credential disclosed before the patch stays valid until it is changed, and review those mailboxes' login history and sent items for activity that did not originate from the GLPI server. Give each receiver a dedicated mailbox account with no rights beyond reading its own inbox, rather than a shared or privileged account, so that any future disclosure exposes as little as possible. Until the upgrade is applied, limit who can log in to GLPI, remove dormant accounts, keep user profiles to the minimum privileges their role needs, and enforce multi-factor authentication on GLPI logins so that a phished password alone does not yield the authenticated session this flaw requires. Monitor GLPI's application logs for unexpected access to receiver configuration and the mail server's authentication logs for unexpected source addresses connecting to the collector mailboxes. Where possible, keep GLPI on a segmented network, and ensure the mail credentials it stores are encrypted at rest and rotated on a schedule. Finally, brief helpdesk staff on the risk and on reporting suspicious behavior, and consider intrusion detection on the GLPI segment to flag exploitation attempts.
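The first step in that list is knowing which installs fall inside the affected range, and doing it by hand invites the classic mistake of comparing version strings lexically (where "10.0.19" sorts before "9.3.1"). The helper below is an added example for this page, not GLPI code. It assumes the installed version is read from the GLPI_VERSION define in the install's inc/define.php; the define lines it parses are constructed samples, and the host names are made up.

```python
"""Triage helper: is a GLPI install inside the CVE-2025-53008 range [9.3.1, 10.0.19)?

Added example for this page, not GLPI project code. Assumption: the installed
version is taken from define('GLPI_VERSION', '...') in inc/define.php; if your
deployment records the version elsewhere, replace version_from_define_php().
"""
import re

FIRST_AFFECTED = "9.3.1"   # first vulnerable release named in the advisory
FIXED = "10.0.19"          # first release containing the fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")
_DEFINE_RE = re.compile(
    r"define\(\s*['\"]GLPI_VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)"
)


def parse_version(text: str) -> tuple:
    """Turn 'MAJOR.MINOR.PATCH[-prerelease]' into a tuple that compares numerically.

    Pre-releases sort before their final release (10.0.19-rc1 < 10.0.19), which
    matters here: a 10.0.19 release candidate predates the fix and is affected.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised GLPI version: {text!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    # Finals get (1, "") so they sort after any (0, tag) pre-release of the same core.
    pre = (0, m.group(4)) if m.group(4) else (1, "")
    return core + pre


def is_affected(version: str) -> bool:
    """True when FIRST_AFFECTED <= version < FIXED."""
    v = parse_version(version)
    return parse_version(FIRST_AFFECTED) <= v < parse_version(FIXED)


def version_from_define_php(source: str) -> str:
    """Extract the GLPI_VERSION value from the text of inc/define.php."""
    m = _DEFINE_RE.search(source)
    if not m:
        raise ValueError("no GLPI_VERSION define found")
    return m.group(1)


def triage(define_php_by_host: dict) -> dict:
    """Map host -> (version, affected) from each host's inc/define.php contents."""
    result = {}
    for host, source in define_php_by_host.items():
        version = version_from_define_php(source)
        result[host] = (version, is_affected(version))
    return result


# Constructed sample inc/define.php fragments for three made-up hosts.
SAMPLE_FLEET = {
    "glpi-prod.example": "<?php\ndefine('GLPI_VERSION', '10.0.18');\n",
    "glpi-test.example": "<?php\ndefine(\"GLPI_VERSION\", \"10.0.19\");\n",
    "glpi-legacy.example": "<?php\ndefine('GLPI_VERSION', '9.2.3');\n",
}

if __name__ == "__main__":
    for host, (version, affected) in triage(SAMPLE_FLEET).items():
        print(f"{host}: {version} -> {'AFFECTED' if affected else 'ok'}")
```

Point the triage function at the real define.php contents collected from each host (over SSH, a config-management fact, or a file-integrity tool's inventory) and the output is the upgrade list; the prod host above is flagged, the test host on 10.0.19 is clear, and the legacy 9.2.3 host is outside the stated range but far enough behind that it should be upgraded anyway.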


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-06-24T03:50:36.795Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 688a2991ad5a09ad00a671b2

Added to database: 7/30/2025, 2:17:53 PM

Last enriched: 7/30/2025, 2:32:53 PM

Last updated: 7/31/2025, 11:18:26 AM

