CVE-2025-53360
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-18
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teclib | database_inventory_plugin | 1.0.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability affects versions of the pluginsGLPI Database Inventory Plugin prior to 1.0.3, in which any authenticated user could send requests to the Teclib inventory agents on the workstation. This could allow unauthorized interactions with the inventory agents. The issue was fixed in version 1.0.3.
How can this vulnerability impact me?
This vulnerability could allow an authenticated user to send unauthorized requests to inventory agents, potentially causing denial of service or disruption of the inventory process on the workstation. The CVSS score indicates a low to medium impact primarily affecting availability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Database Inventory Plugin to version 1.0.3 or later, as this version contains the patch that fixes the vulnerability allowing any authenticated user to send requests to agents.