PT-2025-52493 · Teclib+1 · Teclib' Inventory Agents+1
Yigit-Kiratli · Published 2025-12-19 · Updated 2025-12-19 · CVE-2025-65035
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
pluginsGLPI Database Inventory Plugin versions prior to 1.1.2
Description
The Database Inventory Plugin for pluginsGLPI manages Teclib' inventory agents to inventory databases on workstations. Prior to version 1.1.2, user-controlled data is stored insecurely in the database via computergroup and is later unserialized on every page load, potentially allowing arbitrary PHP object instantiation. This requires database write access, which must be obtained through another issue or misconfiguration.
Recommendations
Update to pluginsGLPI Database Inventory Plugin version 1.1.2 or later.
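The weakness class described above, shown as an added example that is not the plugin's code and does not represent how version 1.1.2 fixes it: a value read back from the database is passed to `unserialize()`, next to two hardened ways of reading it. The class `Marker`, the function names and the sample values are hypothetical and constructed for illustration; PHP 8.0 or later is assumed.

```php
<?php
// Added example; not code from the Database Inventory Plugin.
// Class, function names and sample values are constructed for illustration.

// Stand-in for any autoloadable class whose magic methods run on unserialize().
final class Marker
{
    public static int $wakeups = 0;
    public function __wakeup(): void { self::$wakeups++; }
}

// Risky pattern: the stored string chooses which classes are instantiated.
function loadUnsafe(string $stored): mixed
{
    return unserialize($stored);
}

// True if any object (including __PHP_Incomplete_Class) is nested in $v.
function containsObject(mixed $v): bool
{
    if (is_object($v)) { return true; }
    foreach (is_array($v) ? $v : [] as $item) {
        if (containsObject($item)) { return true; }
    }
    return false;
}

// Hardened read of legacy rows: no class is instantiated, and rows that
// carried objects are rejected instead of being used.
function loadRestricted(string $stored): ?array
{
    $value = @unserialize($stored, ['allowed_classes' => false]);
    return (is_array($value) && !containsObject($value)) ? $value : null;
}

// Preferred storage format: JSON carries data only, never class names.
function loadJson(string $stored): ?array
{
    $value = json_decode($stored, true, 16);
    return is_array($value) ? $value : null;
}

// Constructed sample of a tampered column value, then each loader in turn.
$tampered = serialize(['criteria' => new Marker()]);
loadUnsafe($tampered);
var_dump(Marker::$wakeups);            // counts __wakeup() calls so far
var_dump(loadRestricted($tampered));   // restricted loader's verdict
var_dump(Marker::$wakeups);            // unchanged if nothing was instantiated
var_dump(loadJson('{"criteria":[]}')); // data-only decode
```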
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Glpi Database Inventory Plugin
Teclib' Inventory Agents