CVE-2025-59935 is a cross-site scripting (XSS) vulnerability classified under CWE-79 found in the GLPI software, an open-source IT asset and management platform widely used for inventory and helpdesk functions. The vulnerability exists in versions starting from 10.0.0 up to 10.0.20, where an unauthenticated attacker can submit specially crafted input to the inventory endpoint that is improperly neutralized during web page generation. This improper input sanitization allows the injection and storage of malicious JavaScript payloads. When a legitimate user subsequently interacts with the affected inventory page, the malicious script executes in their browser context, potentially exposing sensitive information such as session tokens or enabling further attacks like phishing or session hijacking. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, but requiring user interaction to trigger the payload. The vulnerability does not impact system integrity or availability directly but compromises confidentiality. No public exploits have been reported yet, but the presence of an unauthenticated injection vector increases the risk profile. The vendor has addressed the issue in version 10.0.21, and users are strongly advised to upgrade to this patched release to remediate the vulnerability.

For European organizations, this vulnerability poses a risk primarily to confidentiality, as attackers can steal sensitive data from users interacting with the GLPI inventory interface. Since GLPI is used for IT asset management, exposure of inventory data or session credentials could facilitate further lateral movement or targeted attacks within an organization. The unauthenticated nature of the injection increases the attack surface, allowing external threat actors to attempt exploitation without credentials. Although no integrity or availability impact is noted, the potential for data leakage and subsequent exploitation could disrupt operations or lead to compliance violations under GDPR if personal or sensitive data is exposed. Organizations relying heavily on GLPI for managing critical infrastructure or governmental IT assets are at heightened risk. The requirement for user interaction means social engineering or phishing campaigns could be used to trigger the payload, increasing the threat to end users. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, especially as the vulnerability is publicly disclosed.

The primary mitigation is to upgrade GLPI installations to version 10.0.21 or later, where the vulnerability has been patched. Organizations should implement strict input validation and output encoding on all user-supplied data, especially on the inventory endpoint, to prevent injection of malicious scripts. Web application firewalls (WAFs) can be configured to detect and block common XSS payload patterns targeting GLPI endpoints. Security teams should monitor logs for unusual or repeated requests to the inventory endpoint that may indicate exploitation attempts. User awareness training should emphasize caution when interacting with inventory pages and recognizing potential phishing attempts that could trigger XSS payloads. Additionally, applying Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Regular vulnerability scanning and penetration testing focused on web application security will help identify any residual or related weaknesses. Finally, organizations should review and limit GLPI user permissions to reduce the impact scope if exploitation occurs.