
CVE-2025-66417: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi

Severity: High
Tags: Vulnerability, CVE-2025-66417, CWE-89
Published: Thu Jan 15 2026 (01/15/2026, 16:25:03 UTC)
Source: CVE Database V5
Vendor/Project: glpi-project
Product: glpi

Description

GLPI is a free asset and IT management software package. In versions from 11.0.0 up to, but not including, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.

AI-Powered Analysis

AI analysis last updated: 01/15/2026, 16:38:57 UTC

Technical Analysis

CVE-2025-66417 is a SQL injection vulnerability classified under CWE-89 that affects the GLPI asset and IT management software. Specifically, versions from 11.0.0 up to but not including 11.0.3 contain a flaw in the inventory endpoint that allows an unauthenticated attacker to inject SQL commands. This occurs due to improper neutralization of special elements in SQL queries, enabling the attacker to manipulate backend database queries. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. Exploitation could lead to unauthorized disclosure of sensitive information stored in GLPI's database, such as asset inventories, user data, and configuration details. Although no integrity or availability impact is indicated, the confidentiality breach alone is critical given the nature of the data managed by GLPI. The vulnerability was publicly disclosed in January 2026 and has a CVSS v3.1 score of 7.5, reflecting its high severity. The vendor addressed the issue in GLPI version 11.0.3, urging users to upgrade promptly. No public exploit code or active exploitation has been reported yet, but the vulnerability's characteristics make it a prime target for attackers seeking to gather intelligence or prepare for further attacks.

Potential Impact

For European organizations, the impact of CVE-2025-66417 is significant due to GLPI's widespread use in IT asset management and service desks across public administrations, educational institutions, and private enterprises. Successful exploitation could lead to unauthorized access to sensitive asset inventories, user credentials, and configuration data, potentially facilitating further attacks such as lateral movement or targeted espionage. The breach of confidentiality could undermine compliance with GDPR and other data protection regulations, resulting in legal and financial repercussions. While the vulnerability does not directly affect system integrity or availability, the exposure of critical IT management data could disrupt operational security and trust. Organizations relying on vulnerable GLPI versions face increased risk of data leakage and should consider the threat a priority. The lack of authentication requirement and ease of exploitation further elevate the threat level, especially in environments where GLPI is accessible from external networks.

Mitigation Recommendations

1. Immediately upgrade to GLPI version 11.0.3 or later to apply the official patch addressing the SQL injection vulnerability.
2. Restrict network access to the GLPI inventory endpoint by implementing firewall rules or network segmentation to limit exposure to trusted users and systems only.
3. Employ Web Application Firewalls (WAFs) with rules specifically designed to detect and block SQL injection attempts targeting GLPI endpoints.
4. Conduct thorough logging and monitoring of GLPI access logs to identify unusual query patterns or repeated access attempts to the inventory endpoint.
5. Perform regular security assessments and penetration testing focusing on GLPI installations to detect any residual vulnerabilities or misconfigurations.
6. Educate IT and security teams about the vulnerability and ensure rapid incident response capabilities in case of suspected exploitation.
7. If immediate patching is not feasible, consider temporarily disabling or restricting the inventory endpoint functionality until the update can be applied.
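As an added illustration of mitigations 1, 2 and 4 (not code from GLPI or from this advisory), the Python helper below checks whether a reported GLPI version falls inside the affected range stated above and scans web-server access logs for inventory-endpoint requests from sources outside an agent allowlist. The endpoint path and the sample log lines are assumptions constructed for the example; adjust the path to your deployment.

```python
import re
from collections import defaultdict

# Affected range from the advisory: 11.0.0 <= version < 11.0.3 (fixed in 11.0.3).
FIRST_AFFECTED = (11, 0, 0)
FIXED_VERSION = (11, 0, 3)
# Assumed path of the GLPI agent inventory endpoint; adjust to your installation.
INVENTORY_PATH = "/front/inventory.php"

# Common/combined access-log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_version(version):
    """Return the leading major.minor.patch of a GLPI version string as a tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unparseable GLPI version: {version!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version):
    """True if this GLPI version is in the range the advisory says is vulnerable."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_VERSION

def inventory_requests(log_lines, trusted_sources):
    """Count inventory-endpoint requests per client IP, ignoring allowlisted agent sources."""
    counts = defaultdict(int)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected access-log format
        path = m.group("path").split("?", 1)[0]  # compare the path without its query string
        if path == INVENTORY_PATH and m.group("ip") not in trusted_sources:
            counts[m.group("ip")] += 1
    return dict(counts)

def suspicious_sources(log_lines, trusted_sources, threshold=3):
    """Untrusted IPs that hit the inventory endpoint at least `threshold` times."""
    hits = inventory_requests(log_lines, trusted_sources)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed sample access-log lines (not real traffic): one agent on the allowlist,
# one unknown host repeatedly posting to the inventory endpoint, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jan/2026:16:40:01 +0000] "POST /front/inventory.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Jan/2026:16:41:10 +0000] "POST /front/inventory.php HTTP/1.1" 200 1024',
    '203.0.113.9 - - [15/Jan/2026:16:41:11 +0000] "POST /front/inventory.php?x=1 HTTP/1.1" 500 0',
    '203.0.113.9 - - [15/Jan/2026:16:41:12 +0000] "POST /front/inventory.php HTTP/1.1" 500 0',
    '198.51.100.7 - - [15/Jan/2026:16:42:00 +0000] "GET /front/central.php HTTP/1.1" 302 0',
]
```

Running `suspicious_sources(SAMPLE_LOG, {"10.0.0.5"})` on the constructed sample returns the single untrusted host that hit the endpoint three times; feed it real access logs and your agent subnets as the allowlist.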


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-11-28T23:33:56.366Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 696916c94c611209ad420d9e

Added to database: 1/15/2026, 4:33:13 PM

Last enriched: 1/15/2026, 4:38:57 PM

Last updated: 1/16/2026, 9:27:53 AM

Views: 21

