Medium severity6.4OSV Advisory· Published Dec 19, 2025· Updated Apr 15, 2026
CVE-2025-65035
CVE-2025-65035
Description
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.0.0, 1.0.1, 1.0.2, …+ 1 more
- (no CPE)range: 1.0.0, 1.0.1, 1.0.2, …
- (no CPE)range: <1.1.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.