{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27153", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-19T16:30:47.780Z", "datePublished": "2025-07-01T18:27:50.677Z", "dateUpdated": "2025-07-01T19:35:43.790Z"}, "containers": {"cna": {"title": "Escalade GLPI Plugin Vulnerable to Improper Access Control", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9"}, {"name": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11"}], "affected": [{"vendor": "pluginsGLPI", "product": "escalade", "versions": [{"version": "< 2.9.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-01T18:27:50.677Z"}, "descriptions": [{"lang": "en", "value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."}], "source": {"advisory": "GHSA-pvqv-8r3r-47m9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T19:34:37.266649Z", "id": "CVE-2025-27153", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T19:35:43.790Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27153", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-01T19:34:37.266649Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T19:35:07.985Z"}}], "cna": {"title": "Escalade GLPI Plugin Vulnerable to Improper Access Control", "source": {"advisory": "GHSA-pvqv-8r3r-47m9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "pluginsGLPI", "product": "escalade", "versions": [{"status": "affected", "version": "< 2.9.11"}]}], "references": [{"url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9", "name": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11", "name": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-01T18:27:50.677Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27153", "state": "PUBLISHED", "dateUpdated": "2025-07-01T19:35:43.790Z", "dateReserved": "2025-02-19T16:30:47.780Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-01T18:27:50.677Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."}, {"lang": "es", "value": "El complemento Escalade GLPI ayuda a escalar tickets en GLPI. Antes de la versi\u00f3n 2.9.11, exist\u00eda una vulnerabilidad de control de acceso inadecuado. Esto pod\u00eda provocar la exposici\u00f3n de datos e interrupciones en el flujo de trabajo. Este problema se ha corregido en la versi\u00f3n 2.9.11."}], "id": "CVE-2025-27153", "lastModified": "2025-07-03T15:14:12.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-01T19:15:25.970", "references": [{"source": "[email protected]", "url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11"}, {"source": "[email protected]", "url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Primary"}]}

{}