CVE-2025-3767
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.
This page is only accessible to authenticated users with high privileges.
This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Centreon | Centreon BAM | 24.10 < 24.10.1 | affected |
| Centreon | Centreon BAM | 24.04 < 24.04.5 | affected |
| Centreon | Centreon BAM | 23.10 < 23.10.10 | affected |
| Centreon | Centreon BAM | 23.04 < 23.04.10 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-46924-cve-2025-3767-centreon-bam-high-severity-4459
- https://github.com/centreon/centreon/releases
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.