CVE-2025-3872
published 2025-04-24


Priority: P3 45 | Severity: high | CVSS 3.1: 7.2
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.34% (25.7th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

Affected

11 ranges
Vendor | Product | Version range | Fixed in
centreon | centreon | >= 22.10.0 < 22.10.28 | 22.10.28
centreon | centreon | >= 23.04.0 < 23.04.25 | 23.04.25
centreon | centreon | >= 23.10.0 < 23.10.20 | 23.10.20
centreon | centreon | >= 24.04.0 < 24.04.10 | 24.04.10
centreon | centreon | >= 24.10.0 < 24.10.4 | 24.10.4
centreon | centreon_web | >= 22.10.0 < 22.10.28 | 22.10.28
centreon | centreon_web | >= 23.04.0 < 23.04.25 | 23.04.25
centreon | centreon_web | >= 23.10.0 < 23.10.20 | 23.10.20
centreon | centreon_web | >= 24.04.0 < 24.04.10 | 24.04.10
centreon | centreon_web | >= 24.10.0 < 24.10.4 | 24.10.4
msrc | cm1_vim_8.2.3564-2_on_cbl_mariner_1.0 | |

CVSS provenance

nvd: v3.1, 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_msrc: 7.8 HIGH