A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) tool.
The flaw, if exploited, enables remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data theft, tampering, or even remote code execution.
https://gbhackers.com/glpi-itsm-tool-flaw/