GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

Published: 2025-03-18

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download Exploit for CVE-2025-24799 here:

Use Tor Browser to access .onion links.

Check our team here:

https://tatramed.sk/exploit-147-cve-2023-35081/

https://tatramed.sk/exploit-296-cve-2025-14733/

https://tatramed.sk/exploit-389-cve-2016-2386/

https://tatramed.sk/exploit-554-cve-2023-35311/

https://tatramed.sk/exploit-393-cve-2025-48633/