GLPI 10.0.18
28 March 2025
GLPI version 10.0.18 is now available (security release).
Upgrading to GLPI 10.0.18
GLPI 10.0.18 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply GLPI updates as new versions are released, or use Installatron's Clone feature to duplicate an existing GLPI install to test the 10.0.18 upgrade prior to applying it live.
What's New in GLPI 10.0.18
Security
- Unauthenticated SQL injection through the inventory endpoint (CVE-2025-24799)
- Authenticated remote code execution (CVE-2025-24801)
- SQL injection through the rules configuration (CVE-2025-21619)
- Open redirection (CVE-2024-11955)
- Reflected XSS in search page (CVE-2025-21627)
- Exposure of sensitive information in the `status.php` endpoint (CVE-2025-21626)
- Plugins disabled by unauthenticated user (CVE-2025-23024)
- Unauthorized authentication by email using the OAuthIMAP plugin (CVE-2025-23046)
- Unauthorized access to debug mode (CVE-2025-25192)