Medium severity6.4OSV Advisory· Published Dec 19, 2025· Updated Apr 15, 2026

CVE-2025-65035

Description

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration), user-controlled data is stored insecurely in the database via computergroup, and is later unserialized on every page load, allowing arbitrary PHP object instantiation. Version 1.1.2 fixes the issue.

Affected products

Pluginsglpi/DatabaseinventoryOSV
Range: 1.0.0, 1.0.1, 1.0.2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/pluginsGLPI/databaseinventory/blob/1.1.2/CHANGELOG.mdnvd
github.com/pluginsGLPI/databaseinventory/commit/08c7055d2c5fc744cb092d7d56a608e359c56f1anvd
github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-xc3r-32rx-3j4jnvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000