What is CVE-2025-27147?

CVE-2025-27147 is a high-severity vulnerability in Glpi-project Glpi-inventory-plugin, classified under Path Traversal. CVSS score: 8.2/10. Published 2025-03-25.

How severe is CVE-2025-27147?

High severity. CVSS v3 base score is 8.2 out of 10.

Path Traversal in Glpi-project Glpi-inventory-plugin

CVE-2025-27147

The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (28.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L.

Affected products

Glpi-project Glpi-inventory-plugin — versions < 1.5.0

Weakness classification (CWE)

References

https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-h6x9-jm98-cw7c (x_refsource_CONFIRM)
https://github.com/glpi-project/glpi-inventory-plugin/commit/aaeb26d98d07019375c25b56e60fffc195553545 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-27147?: CVE-2025-27147 is a high-severity vulnerability in Glpi-project Glpi-inventory-plugin, classified under Path Traversal. CVSS score: 8.2/10. Published 2025-03-25.
How severe is CVE-2025-27147?: High severity. CVSS v3 base score is 8.2 out of 10.