CVE-2026-26026

GLPI · GLPI

GLPI is vulnerable to template injection by administrators, leading to remote code execution.

Executive summary

An administrative template injection vulnerability in GLPI allows for remote code execution, posing a significant risk to the IT management environment.

Vulnerability

The application fails to properly sanitize administrative template inputs, allowing an attacker with administrative privileges to inject code that is subsequently executed.

Business impact

While this requires administrative access, the resulting RCE allows the attacker to fully compromise the server hosting GLPI and the IT asset data it manages. Given the CVSS score of 9.1, the impact on organizational security is severe.

Remediation

Immediate Action: Update GLPI to version 11.0.6 or later.

Proactive Monitoring: Audit administrative activities and review template configurations for any unauthorized or suspicious code injections.

Compensating Controls: Limit access to administrative functions to a small, trusted group of users and implement robust logging for administrative actions.
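The first remediation step is a version check across every GLPI instance. The following is an added example, not code from the GLPI project or from this advisory: it triages a constructed inventory against the fixed release named above (11.0.6), comparing version components as integers rather than as strings so that 11.0.10 is correctly recognised as newer than 11.0.6, and treating a pre-release build of the fixed version as still affected. The version-string format (X.Y.Z with an optional -suffix such as -rc1 or -dev) and the hostnames are assumptions.

```python
"""Triage helper for CVE-2026-26026: flag inventoried GLPI instances that
are below the fixed release (11.0.6, per the advisory).

Added example, not code from GLPI or the advisory. The inventory is
constructed and the version-string format is an assumption."""

FIXED_VERSION = "11.0.6"  # first fixed release named in the advisory


def parse_version(v: str) -> tuple:
    """Turn '11.0.5' or '11.0.6-rc1' into a comparable tuple.

    Components are compared as integers, not strings, so '11.0.10'
    sorts after '11.0.6'. A pre-release suffix sorts before the matching
    final release (11.0.6-rc1 < 11.0.6): a candidate of the fix is not
    the fix. Raises ValueError on anything that is not numeric."""
    core, sep, _suffix = v.strip().partition("-")
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(p) for p in parts]
    nums += [0] * (3 - len(nums))      # pad '11.1' to 11.1.0
    final_flag = 0 if sep else 1       # pre-release sorts first
    return tuple(nums) + (final_flag,)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the instance still needs the update."""
    return parse_version(version) < parse_version(fixed)


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("glpi-prod.example.internal", "11.0.5"),
    ("glpi-test.example.internal", "11.0.6"),
    ("glpi-old.example.internal", "10.0.18"),
    ("glpi-new.example.internal", "11.0.10"),
    ("glpi-dev.example.internal", "11.0.6-dev"),
    ("glpi-odd.example.internal", "unknown"),
]


def triage(inventory):
    """Return (host, version, status) rows; unparseable versions are
    sent for manual verification rather than silently treated as safe."""
    rows = []
    for host, version in inventory:
        try:
            status = "UPDATE REQUIRED" if is_affected(version) else "ok"
        except ValueError:
            status = "VERIFY MANUALLY"
        rows.append((host, version, status))
    return rows


if __name__ == "__main__":
    for host, version, status in triage(INVENTORY):
        print(f"{host:32} {version:12} {status}")
```

The naive alternative, comparing the raw strings, would report an instance on 11.0.10 as older than 11.0.6 and therefore vulnerable; the integer-tuple comparison avoids that false positive, while an unrecognised version string is deliberately surfaced for a human rather than assumed patched.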

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The ability of an administrator to achieve RCE is a critical risk. Administrators must update to 11.0.6 immediately and ensure that administrative access is strictly controlled and audited.