CVE-2025-59935: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpi
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.
AI Analysis
Technical Summary
CVE-2025-59935 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, in GLPI, a widely used open-source IT asset and service management package. It affects versions 10.0.0 through 10.0.20 and allows an unauthenticated attacker to inject JavaScript through the inventory endpoint. Because the submitted input is not neutralized before it is written into a web page, the attacker can store a persistent (stored) XSS payload that executes whenever a legitimate user views the affected page. No privileges or authentication are required, which raises the risk profile, although user interaction is needed to trigger the script. The impact is primarily to confidentiality: an attacker may steal session cookies, perform actions on behalf of the victim, or present phishing content within the context of the GLPI web application. The vulnerability carries a CVSS 3.1 base score of 6.5, a medium severity rating. No public exploit has been reported yet, but a flaw of this kind in a popular ITSM tool is an attractive target. The vendor fixed the issue in version 10.0.21, and users are strongly advised to upgrade. The case underlines that proper input validation and output encoding remain the primary defence against XSS in web applications.
Potential Impact
For European organizations, exploitation of CVE-2025-59935 could lead to unauthorized disclosure of sensitive IT asset management data, session hijacking, and potential lateral movement within internal networks. Because GLPI is often used to manage critical IT infrastructure and assets, an attacker leveraging this XSS flaw could gain a foothold or escalate privileges indirectly by targeting administrative users. The unauthenticated nature of the vulnerability widens the attack surface, since external threat actors can attempt exploitation without prior access. This could undermine the confidentiality of, and trust in, IT management systems, potentially disrupting IT operations or leading to data breaches. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, may face compliance consequences if the flaw is exploited. The current absence of known exploits reduces the immediate risk but does not eliminate it, as exploit code can emerge quickly after public disclosure.
Mitigation Recommendations
The primary mitigation is to upgrade GLPI installations to version 10.0.21 or later, where the vulnerability is patched. Organizations should also enforce strict input validation and context-aware output encoding on all user-supplied data, particularly data received through the inventory endpoint, so that injected markup is rendered as text rather than executed. Deploying a web application firewall (WAF) with rules that detect and block XSS payloads aimed at GLPI adds a further layer of protection. Monitoring web server logs and application behaviour for unusual requests to the inventory endpoint, and checking stored inventory data for script or markup content, helps detect attempted exploitation. Educating users about the risks of clicking suspicious links or interacting with untrusted content inside GLPI reduces the impact of a successful XSS attack. Regular security assessments and penetration tests of GLPI deployments should be carried out to identify and remediate similar weaknesses proactively. Finally, organizations should maintain an incident response plan tailored to web application attacks so that they can respond swiftly if exploitation occurs.
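The mitigation advice above rests on two practices: encoding untrusted inventory data before it is written into a page, and looking for script injections that may already have landed. The Python block below is an added example written for this page; it is not GLPI code and not the fix shipped in 10.0.21. It renders a constructed inventory record with and without output encoding, counts which tags from the input survive into the HTML, and then scans a constructed set of stored records for markup and event-handler fragments, the kind of check an operator would run after upgrading to find payloads stored while the instance was unpatched. The field names, record shape and all sample values are assumptions made for the example, not GLPI's schema.

```python
"""Defensive helpers around a stored-XSS flaw of the CVE-2025-59935 kind.

Added example, not GLPI code. Field names and sample data are assumptions.
"""
import html
import re

# Constructed record as an inventory agent (or an unauthenticated client posing
# as one) might submit it. The markup is a harmless marker, enough to show the
# difference that output encoding makes.
SUBMITTED_ASSET = {
    "id": 42,
    "hostname": 'ws-01<img src=x onerror="alert(1)">',
    "serial": 'SN-7"><b>x</b>',
    "os_name": "Debian 12",
}


def render_row_vulnerable(asset):
    """Raw interpolation (CWE-79): whatever the agent sent becomes page markup."""
    return (
        f'<tr id="asset-{asset["id"]}">'
        f'<td>{asset["hostname"]}</td>'
        f'<td data-serial="{asset["serial"]}">{asset["serial"]}</td>'
        f'<td>{asset["os_name"]}</td></tr>'
    )


def render_row_hardened(asset):
    """Encode every untrusted value for the context it lands in.

    html.escape(quote=True) turns < > & " ' into entities, which suffices for
    text nodes and for values inside double-quoted attributes. URL, JavaScript
    and CSS contexts would need their own encoders; none are used here.
    """
    h = html.escape(str(asset["hostname"]), quote=True)
    s = html.escape(str(asset["serial"]), quote=True)
    o = html.escape(str(asset["os_name"]), quote=True)
    return (
        f'<tr id="asset-{int(asset["id"])}">'
        f"<td>{h}</td>"
        f'<td data-serial="{s}">{s}</td>'
        f"<td>{o}</td></tr>"
    )


def count_injected_tags(rendered, untrusted_values):
    """Count tag-shaped fragments from untrusted input that are still tags in the output.

    A properly encoded row yields 0: every '<' became '&lt;'.
    """
    n = 0
    for value in untrusted_values:
        for tag in re.findall(r"<[A-Za-z/][^>]*>", value):
            if tag in rendered:
                n += 1
    return n


# Patterns that have no business in hostnames, serials or OS names. The
# event-handler pattern also catches markup-less tricks such as a stray
# onerror= smuggled inside an attribute value.
MARKUP_RE = re.compile(r"<\s*/?\s*[A-Za-z]")
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.I)
SCRIPT_SCHEME_RE = re.compile(r"javascript\s*:", re.I)


def find_suspicious_fields(records):
    """Scan stored inventory records; return [(id, field, reason)] for values carrying markup."""
    hits = []
    for rec in records:
        for field, value in rec.items():
            if field == "id" or not isinstance(value, str):
                continue
            if MARKUP_RE.search(value):
                hits.append((rec["id"], field, "html-tag"))
            elif EVENT_HANDLER_RE.search(value):
                hits.append((rec["id"], field, "event-handler"))
            elif SCRIPT_SCHEME_RE.search(value):
                hits.append((rec["id"], field, "javascript-scheme"))
    return hits


# Constructed "already stored" rows as they might sit in an asset table after an
# unpatched period: two clean, one with markup, one with a bare event handler.
STORED_ASSETS = [
    {"id": 1, "hostname": "db-01", "serial": "SN-0001", "os_name": "Ubuntu 22.04"},
    {"id": 2, "hostname": "fw-edge", "serial": "SN-0002", "os_name": "pfSense 2.7"},
    SUBMITTED_ASSET,
    {"id": 7, "hostname": "kiosk", "serial": 'x" onmouseover=alert(1) y="', "os_name": "Windows 11"},
]

if __name__ == "__main__":
    untrusted = [SUBMITTED_ASSET["hostname"], SUBMITTED_ASSET["serial"]]
    print("vulnerable row, surviving tags:", count_injected_tags(render_row_vulnerable(SUBMITTED_ASSET), untrusted))
    print("hardened row, surviving tags:  ", count_injected_tags(render_row_hardened(SUBMITTED_ASSET), untrusted))
    for hit in find_suspicious_fields(STORED_ASSETS):
        print("suspicious stored value:", hit)
```

The scan is deliberately strict: inventory fields such as hostnames and serial numbers should never legitimately contain `<` or an `on...=` sequence, so any hit is worth inspecting rather than an acceptable false positive to tune away.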
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-23T14:33:49.505Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69418d769050fe8508ffb301
Added to database: 12/16/2025, 4:48:54 PM
Last enriched: 12/16/2025, 4:56:42 PM
Last updated: 12/18/2025, 11:29:29 AM