CVE-2025-12514 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/centreon/centreon/releases

History

Mon, 22 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 22 Dec 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
Title		A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters
Weaknesses		CWE-89
References		https://github.com/centreon/centreon/releases
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Centreon

Published: 2025-12-22T10:59:18.155Z

Updated: 2025-12-22T13:03:40.534Z

Reserved: 2025-10-30T15:26:40.360Z

Link: CVE-2025-12514

Vulnrichment

Updated: 2025-12-22T13:03:11.809Z

NVD

Status : Received

Published: 2025-12-22T11:15:56.990

Modified: 2025-12-22T11:15:56.990

Link: CVE-2025-12514

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12514", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "state": "PUBLISHED", "assignerShortName": "Centreon", "dateReserved": "2025-10-30T15:26:40.360Z", "datePublished": "2025-12-22T10:59:18.155Z", "dateUpdated": "2025-12-22T13:03:40.534Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Notification rules configuration parameters", "Open tickets"], "product": "Infra Monitoring - Open-tickets", "vendor": "Centreon", "versions": [{"lessThan": "24.10.5", "status": "affected", "version": "24.10.0", "versionType": "custom"}, {"lessThan": "24.04.5", "status": "affected", "version": "24.04.0", "versionType": "custom"}, {"lessThan": "23.10.4", "status": "affected", "version": "23.10.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Marcelo Queiroz"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.<p>This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2025-12-22T10:59:18.155Z"}, "references": [{"tags": ["release-notes"], "url": "https://github.com/centreon/centreon/releases"}], "source": {"discovery": "UNKNOWN"}, "title": "A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T13:00:53.955586Z", "id": "CVE-2025-12514", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T13:03:40.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12514", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-22T13:00:53.955586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T13:03:11.809Z"}}], "cna": {"title": "A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Marcelo Queiroz"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Centreon", "modules": ["Notification rules configuration parameters", "Open tickets"], "product": "Infra Monitoring - Open-tickets", "versions": [{"status": "affected", "version": "24.10.0", "lessThan": "24.10.5", "versionType": "custom"}, {"status": "affected", "version": "24.04.0", "lessThan": "24.04.5", "versionType": "custom"}, {"status": "affected", "version": "23.10.0", "lessThan": "23.10.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/centreon/centreon/releases", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.<p>This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2025-12-22T10:59:18.155Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12514", "state": "PUBLISHED", "dateUpdated": "2025-12-22T13:03:40.534Z", "dateReserved": "2025-10-30T15:26:40.360Z", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "datePublished": "2025-12-22T10:59:18.155Z", "assignerShortName": "Centreon"}, "dataVersion": "5.2"}