CVE-2025-53360
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-53360
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53360.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-53360
- Aliases
-
- GHSA-5j5j-xr62-jr58
- Published
- 2025-11-18T16:12:15.116Z
- Modified
- 2025-12-05T10:19:18.840549Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
- Details
-
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-284" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53360.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53360.json
- https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87
- https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e
- https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269
- https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58
- https://nvd.nist.gov/vuln/detail/CVE-2025-53360