CVE-2025-3767

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/centreon/centreon/releases
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-46924-cve-2025-3767-centreon-bam-high-severity-4459

Configurations

No configuration.

History

No history.

Information

Published : 2025-04-22 16:15

Updated : 2025-04-23 14:08

NVD link : CVE-2025-3767

Mitre link : CVE-2025-3767

CVE.ORG link : CVE-2025-3767

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.2 /10