Executive Summary

CVE-2025-65035 is a Stored Object Injection vulnerability in the pluginsGLPI Database Inventory Plugin up to version 1.1.1. It occurs because user-controlled data is insecurely stored in the database via the 'computergroup' parameter and then unserialized on every page load. This allows an attacker who has already obtained database write access through another vulnerability or misconfiguration to instantiate arbitrary PHP objects, potentially leading to severe security issues. The vulnerability was fixed in version 1.1.2 by replacing PHP serialization with JSON encoding to prevent object injection. [2, 3]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can lead to arbitrary PHP object instantiation, which may result in significant confidentiality, integrity, and availability impacts on the affected system. An attacker with high privileges and database write access could manipulate data, cause data loss or corruption, or disrupt the availability of the component. The CVSS v3.1 score rates this vulnerability as moderate severity with high impacts on confidentiality, integrity, and availability. [3]

Useful 0 Not Useful 0

Detection Guidance

Detection involves checking if your system is running pluginsGLPI's Database Inventory Plugin version prior to 1.1.2 and if the database contains serialized PHP objects in the 'computergroup' dynamic group search parameters. You can query the database to find entries where the 'search' field is not in JSON format (i.e., does not start with '{'). For example, using SQL: SELECT * FROM computergroup WHERE search NOT LIKE '{%'; This indicates potentially vulnerable serialized data. Additionally, monitoring for unusual unserialize() calls or PHP object instantiation on page loads related to the plugin may help detect exploitation attempts. [2, 3]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows arbitrary PHP object instantiation through insecure unserialization of user-controlled data, potentially leading to high confidentiality, integrity, and availability impacts. Such impacts could result in unauthorized data access or modification, which may violate compliance requirements of standards like GDPR or HIPAA that mandate protection of sensitive data and system integrity. However, the vulnerability requires prior database write access obtained through another vulnerability or misconfiguration, indicating that the root cause is a security weakness that could undermine compliance if exploited. [3]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the pluginsGLPI Database Inventory Plugin to version 1.1.2 or later, which replaces insecure PHP serialization with secure JSON encoding/decoding and includes a database migration to convert existing serialized data to JSON. If upgrading is not immediately possible, restrict database write access to trusted users only to prevent exploitation, as the vulnerability requires prior database write access. Also, review and harden permissions and configurations to prevent unauthorized data injection. [2, 3]

Useful 0 Not Useful 0