{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T12:28:49.550","vulnerabilities":[{"cve":{"id":"CVE-2025-3872","sourceIdentifier":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","published":"2025-04-24T10:15:17.093","lastModified":"2025-10-22T14:10:02.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.\n\n\nA user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.\n\n\n\nThis issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4."},{"lang":"es","value":"La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Centreon centreon-web (módulos del formulario de configuración de usuario) permite la inyección SQL. Un usuario con privilegios elevados puede convertirse en administrador interceptando la solicitud del formulario de contacto y modificando su payload. Este problema afecta a Centreon: de la versión 22.10.0 a la 22.10.28, de la versión 23.04.0 a la 23.04.25, de la versión 23.10.0 a la 23.10.20, de la versión 24.04.0 a la 24.04.10, de la versión 24.10.0 a la 24.10.4."}],"metrics":{"cvssMetricV31":[{"source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*","versionStartIncluding":"22.10.0","versionEndExcluding":"22.10.28","matchCriteriaId":"B762A216-341C-4989-8E32-46087A42CB48"},{"vulnerable":true,"criteria":"cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*","versionStartIncluding":"23.04.0","versionEndExcluding":"23.04.25","matchCriteriaId":"92132FF0-1099-4F1B-B5E6-8FE0577770C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*","versionStartIncluding":"23.10.0","versionEndExcluding":"23.10.20","matchCriteriaId":"F9BECCFC-C3C6-4A0D-B10A-29FC01486CD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*","versionStartIncluding":"24.04.0","versionEndExcluding":"24.04.10","matchCriteriaId":"BB5744F8-A08E-4775-A63C-594A301D3AAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*","versionStartIncluding":"24.10.0","versionEndExcluding":"24.10.4","matchCriteriaId":"4F80239D-00CD-4A74-84B5-429897AC4B0A"}]}]}],"references":[{"url":"https://github.com/centreon/centreon/releases",
"source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","tags":["Release Notes"]},{"url":"https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55571-centreon-web-high-severity-4496","source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","tags":["Vendor Advisory"]}]}}]}