CVE-2025-53360 MEDIUM

CVE-2025-53360: pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests

Vendor Pluginsglpi

Product databaseinventory

Weakness CWE-284

Published November 18, 2025

Last update November 18, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.

Key dates

02Disclosure timeline

November 18, 2025 CVE published

November 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53360

Related vulnerabilities

CVE-2025-53360: pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests

01Description

02Disclosure timeline

03References

04Related CVE