CVE-2025-12514

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows

SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

Affected Software

VendorProductVersion RangeStatus
CentreonInfra Monitoring - Open-tickets24.10.0 < 24.10.5affected
CentreonInfra Monitoring - Open-tickets24.04.0 < 24.04.5affected
CentreonInfra Monitoring - Open-tickets23.10.0 < 23.10.4affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References