
CVE-2025-64520: CWE-862: Missing Authorization in glpi-project glpi

Severity: Medium
Published: Tue Dec 16 2025 (12/16/2025, 21:59:02 UTC)
Source: CVE Database V5
Vendor/Project: glpi-project
Product: glpi

Description

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

AI-Powered Analysis

AI analysis last updated: 12/16/2025, 22:16:36 UTC

Technical Analysis

CVE-2025-64520 is a vulnerability classified under CWE-862 (Missing Authorization) affecting the GLPI software, versions from 9.1.0 up to, but not including, 10.0.21 (the patched release). GLPI is widely used for IT asset and service management. The vulnerability arises because the software fails to enforce proper authorization checks on API endpoints that serve knowledge base entries. As a result, an attacker with API access but without the privileges normally required to view those entries can retrieve all knowledge base content, which may contain sensitive operational or security-related information. The vulnerability does not allow modification or deletion of data, nor does it affect system availability. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates that the attack can be performed remotely over the network with low privileges and no user interaction, leading to a high confidentiality impact. The flaw was reserved in November 2025 and published in December 2025, with no known exploits in the wild at the time of publication. The recommended mitigation is to upgrade to GLPI version 10.0.21 or later, where the authorization checks have been properly implemented to restrict unauthorized API access.

Potential Impact

For European organizations, this vulnerability poses a significant risk of unauthorized disclosure of sensitive knowledge base information, which may include internal procedures, security configurations, or incident response guidelines. Such information leakage can aid attackers in planning further attacks or exploiting other vulnerabilities. Organizations in sectors like government, finance, healthcare, and critical infrastructure that use GLPI for IT management are particularly at risk. The confidentiality breach could lead to regulatory compliance issues under GDPR if personal or sensitive data is exposed. Although the vulnerability does not allow data modification or service disruption, the exposure of internal knowledge can indirectly weaken security posture and increase the likelihood of subsequent attacks. The ease of exploitation via network API access with low privileges increases the threat level, especially in environments where API access controls are lax or where attackers can gain initial footholds with limited credentials.

Mitigation Recommendations

European organizations should immediately verify their GLPI version and plan an upgrade to version 10.0.21 or later, where the vulnerability is patched. Until the upgrade is applied, organizations should restrict API access to trusted users and networks, implement strict network segmentation, and monitor API usage logs for suspicious activity. Employing Web Application Firewalls (WAFs) to detect and block unauthorized API requests can provide interim protection. Additionally, reviewing and tightening API authentication and authorization policies is critical to prevent unauthorized access. Organizations should also conduct audits of knowledge base content to assess sensitivity and consider encrypting or restricting access to particularly sensitive entries. Regular vulnerability scanning and penetration testing focusing on API endpoints can help detect similar authorization issues proactively.
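As an added example (not code from the advisory or the GLPI project): a small Python triage check that classifies GLPI version strings from an inventory against the affected range stated above (9.1.0 up to, but not including, 10.0.21). The hostnames and versions in the sample inventory are constructed; it compares versions numerically, since a plain string comparison would wrongly place 10.0.3 after 10.0.21.

```python
"""Classify GLPI version strings against the CVE-2025-64520 affected range."""
import re
from typing import Dict, Optional, Tuple

# Range taken from the advisory text: affected from 9.1.0, fixed in 10.0.21.
AFFECTED_FROM = (9, 1, 0)
FIXED_IN = (10, 0, 21)

# Accepts "10.0.21", "v10.0", "10.0.3-dev"; the suffix after the patch number is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor[.patch]' into an integer tuple so comparisons are numeric."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def is_affected(version: str) -> Optional[bool]:
    """True if 9.1.0 <= version < 10.0.21, False otherwise, None if unparseable."""
    v = parse_version(version)
    if v is None:
        return None
    return AFFECTED_FROM <= v < FIXED_IN


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to an action based on its recorded GLPI version."""
    result = {}
    for host, version in inventory.items():
        affected = is_affected(version)
        if affected is None:
            result[host] = "unknown version, verify manually"
        elif affected:
            result[host] = "upgrade to 10.0.21 or later"
        else:
            result[host] = "not affected"
    return result


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "glpi-prod.example": "10.0.20",
    "glpi-test.example": "10.0.21",
    "glpi-old.example": "9.0.5",
    "glpi-dev.example": "10.0.3-dev",
    "glpi-unk.example": "unknown",
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```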


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-11-05T21:15:39.400Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6941d6c9b8ff87d8f9416195

Added to database: 12/16/2025, 10:01:45 PM

Last enriched: 12/16/2025, 10:16:36 PM

Last updated: 12/17/2025, 3:42:33 AM

