Arbitrary PHP Object Instantiation in Teclib' Inventory Agents
CVE-2025-65035
6.4 MEDIUM
What is CVE-2025-65035?
The Teclib' Database Inventory Plugin, before version 1.1.2, is susceptible to a vulnerability where user-controlled data is stored insecurely in the database via computergroup. If an attacker gains write access to the database through another vulnerability or misconfiguration, they can exploit this weakness to achieve arbitrary PHP object instantiation on every page load, leading to potentially severe security repercussions. Version 1.1.2 has been released to remediate this issue.
Affected Version(s)
databaseinventory < 1.1.2
