CVE-2025-3872

Name of the Vulnerable Software and Affected Versions Centreon centreon-web versions 22.10.0 through 22.10.27 Centreon centreon-web versions 23.04.0 through 23.04.24 Centreon centreon-web versions 23.10.0 through 23.10.19 Centreon centreon-web versions 24.04.0 through 24.04.9 Centreon centreon-web versions 24.10.0 through 24.10.3

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows an attacker to inject malicious SQL code. A user with high privileges can exploit this by intercepting the contact form request and altering its payload to become an administrator.

Recommendations For Centreon centreon-web versions 22.10.0 through 22.10.27, update to version 22.10.28 or later. For Centreon centreon-web versions 23.04.0 through 23.04.24, update to version 23.04.25 or later. For Centreon centreon-web versions 23.10.0 through 23.10.19, update to version 23.10.20 or later. For Centreon centreon-web versions 24.04.0 through 24.04.9, update to version 24.04.10 or later. For Centreon centreon-web versions 24.10.0 through 24.10.3, update to version 24.10.4 or later.