CVE-2025-53360
MEDIUM
pluginsGLPI's Database Inventory Plugin <1.0.3 - Privilege Escalation
Title source: llm
Description
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58
Patch x_refsource_misc
https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87
Scores
CVSS v3: 4.3
EPSS: 0.0006
EPSS Percentile: 17.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-284
Status: published
Products (1)
pluginsGLPI/databaseinventory: < 1.0.3
Published: Nov 18, 2025
Tracked Since: Feb 18, 2026