Browse all 4 CVE security advisories affecting snipeitapp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Snipe-it is an open-source IT asset management solution designed for tracking hardware, software, and licenses across organizations. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with four CVEs documented to date. The application's security posture has been impacted by insufficient input validation and access control weaknesses, though no major public security incidents have been widely reported. Its lightweight nature and self-hosted deployment model offer flexibility but require diligent maintenance to address potential vulnerabilities, particularly in default configurations where security settings may be inadequately implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25264 | Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting — IT Open Source Asset ManagementCWE-79 | 6.4 | Medium | 2026-02-03 |
| CVE-2025-59712 | Snipe-IT 跨站脚本漏洞 — Snipe-ITCWE-79 | 6.4 | Medium | 2025-09-19 |
| CVE-2025-59713 | Snipe-IT 代码问题漏洞 — Snipe-ITCWE-502 | 6.8 | Medium | 2025-09-19 |
| CVE-2025-47226 | Snipe-IT 安全漏洞 — Snipe-ITCWE-425 | 5.0 | Medium | 2025-05-02 |
This page lists every published CVE security advisory associated with snipeitapp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.