CVE-2025-12514
📋 TL;DR
This SQL injection vulnerability in Centreon's Open-tickets module allows authenticated users with elevated privileges to execute arbitrary SQL commands. The vulnerability affects Centreon Infra Monitoring - Open-tickets in specific version ranges, potentially leading to data manipulation or unauthorized access to the database.
💻 Affected Systems
- Centreon Infra Monitoring - Open-tickets
📦 What is this software?
Open Tickets by Centreon
⚠️ Risk & Real-World Impact
Worst Case
Privileged attacker could execute arbitrary SQL commands, leading to complete database compromise, data exfiltration, or system takeover.
Likely Case
Privileged user could manipulate ticket data, access sensitive monitoring information, or escalate privileges within the Centreon application.
If Mitigated
With proper access controls and network segmentation, impact would be limited to the Centreon database and application layer.
🎯 Exploit Status
Requires authenticated privileged access; SQL injection vulnerabilities are typically easy to exploit once identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.10.5, 24.04.5, 23.10.4
Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12514-centreon-open-tickets-high-severity-5343
Restart Required: Yes
Instructions:
1. Backup Centreon configuration and database.
2. Update to patched version via package manager or manual installation.
3. Restart Centreon services.
4. Verify update was successful.
🔧 Temporary Workarounds
Restrict Privileged Access
Temporarily limit which users hold elevated privileges in the Centreon Open-tickets module
# Review and modify user permissions in Centreon web interface
Network Segmentation
Restrict network access to the Centreon web interface to trusted administrative networks only
# Configure firewall rules to limit access to Centreon ports (typically 80/443)
🧯 If You Can't Patch
- Implement strict access controls to limit which users have elevated privileges in Centreon
- Deploy web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check the Centreon version via the web interface or command line and compare it with the affected version range
Check Version:
rpm -qa | grep centreon-web # For RPM-based systems, or check via Centreon web interface
Verify Fix Applied:
Confirm the version has been updated to 24.10.5, 24.04.5, or 23.10.4, then test Open-tickets functionality
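Added example, not part of the advisory: a POSIX shell check that classifies an Open Tickets version string against the fixed releases listed above (24.10.5, 24.04.5, 23.10.4) and reports branches the page does not name as unknown rather than guessing. The package name centreon-open-tickets used by the rpm wrapper is an assumption; adjust it to what `rpm -qa | grep centreon` shows on your host.

```shell
#!/bin/sh
# Classify a Centreon Open Tickets version against the fixed releases named
# on this page. Only the major.minor branches the advisory lists are judged;
# any other branch is reported as "unknown-branch" because no fix version is
# given for it here.
# Exit codes: 0 = patched, 1 = vulnerable, 2 = cannot decide.
ot_patch_status() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)
    # Drop a package-release suffix such as "5-1.el9" -> "5"
    patch=${patch%%-*}
    case "$patch" in
        ''|*[!0-9]*) echo "unparseable"; return 2 ;;
    esac
    case "$major.$minor" in
        24.10) fixed=5 ;;
        24.04) fixed=5 ;;
        23.10) fixed=4 ;;
        *) echo "unknown-branch"; return 2 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo "patched"; return 0
    else
        echo "vulnerable"; return 1
    fi
}

# Wrapper for RPM-based hosts. The package name below is an assumption.
installed_ot_status() {
    v=$(rpm -q --qf '%{VERSION}\n' centreon-open-tickets 2>/dev/null) \
        || { echo "not-installed"; return 2; }
    ot_patch_status "$v"
}
```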
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in Centreon logs
- Multiple failed login attempts followed by successful privileged access
- Unexpected database operations from Centreon application
Network Indicators:
- Unusual SQL-like patterns in HTTP POST requests to Centreon
- Multiple rapid requests to Open-tickets endpoints
SIEM Query:
source="centreon.log" AND ("SQL" OR "database error" OR "syntax error")