Vulnerability Description
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518fa
- https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b44
- https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798c
- https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-x
FAQ
What is CVE-2025-53360?
CVE-2025-53360 is a vulnerability with a CVSS score of 4.3 (MEDIUM). pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticat...
How severe is CVE-2025-53360?
CVE-2025-53360 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53360?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.