CVE-2025-6791

high

Description

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.

References

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900

https://github.com/centreon/centreon/releases

Details

Source: Mitre, NVD

Published: 2025-08-22

Updated: 2025-10-22

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00019