CVE-2025-4650
📋 TL;DR
A high-privilege user can perform SQL injection attacks through the Meta Service indicator page in Centreon web interface. This vulnerability affects Centreon web versions 24.10.0-24.10.8, 24.04.0-24.04.15, and 23.10.0-23.10.25.
💻 Affected Systems
- Centreon Web
📦 What is this software?
Centreon Web by Centreon
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data exfiltration, modification, or deletion; potential privilege escalation to full system access.
Likely Case
Unauthorized database access leading to data theft, configuration changes, or service disruption.
If Mitigated
Limited impact if proper privilege separation and input validation are enforced.
🎯 Exploit Status
Requires authenticated high-privilege user; SQL injection via Meta Service indicator page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.10.9, 24.04.16, 23.10.26
Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901
Restart Required: Yes
Instructions:
1. Backup Centreon configuration and database.
2. Update to the patched version via package manager or manual installation.
3. Restart Centreon services.
4. Verify the fix by checking the version.
🔧 Temporary Workarounds
Restrict Meta Service Access
Temporarily disable or restrict access to the Meta Service indicator page for high-privilege users.
# Modify Centreon ACLs to restrict Meta Service access
# Review and adjust user permissions in Centreon interface
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for Meta Service functionality.
- Apply network segmentation and limit database access from Centreon application server.
🔍 How to Verify
Check if Vulnerable:
Check the Centreon web version via the web interface or command line and verify whether it falls within the affected ranges.
Check Version:
rpm -q centreon-web || dpkg -l centreon-web   # or open the About page in the Centreon web interface
Verify Fix Applied:
Confirm the installed version is 24.10.9, 24.04.16, or 23.10.26 (or later in the same branch); then test that the Meta Service indicator page still functions.
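As an added example (not from the Centreon advisory or this entry), a POSIX shell helper that reads the installed centreon-web version from rpm or dpkg and tests it against the affected ranges listed above; a package release suffix such as -1.el9 is stripped before comparing:

```shell
#!/bin/sh
# Added example: test an installed centreon-web version against the affected
# ranges from this CVE entry (24.10.0-24.10.8, 24.04.0-24.04.15, 23.10.0-23.10.25).

# Compare two dotted versions numerically; prints -1, 0 or 1 for $1 <, =, > $2.
vercmp() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i"); y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}                      # missing component counts as 0
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Return 0 (shell true) if $1 lies inside one of the affected ranges.
# A package release suffix such as "24.10.5-1.el9" is stripped first.
centreon_affected() {
    v=$(printf '%s' "$1" | sed 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/')
    for range in 24.10.0:24.10.8 24.04.0:24.04.15 23.10.0:23.10.25; do
        lo=${range%%:*}; hi=${range##*:}
        if [ "$(vercmp "$v" "$lo")" -ge 0 ] && [ "$(vercmp "$v" "$hi")" -le 0 ]; then
            return 0
        fi
    done
    return 1
}

# Installed version from rpm or dpkg (same package name as the check above).
installed_version() {
    rpm -q --qf '%{VERSION}' centreon-web 2>/dev/null \
        || dpkg-query -W -f '${Version}' centreon-web 2>/dev/null
}

# Run with --check on a Centreon host to report affected / not affected.
if [ "${1:-}" = "--check" ]; then
    ver=$(installed_version) || { echo "centreon-web not installed"; exit 2; }
    if centreon_affected "$ver"; then echo "$ver: AFFECTED, upgrade"; else echo "$ver: not in affected ranges"; fi
fi
```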
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by Meta Service access
- Suspicious user activity in Centreon audit logs
Network Indicators:
- Abnormal database connection patterns from Centreon server
- Unexpected SQL traffic to database
SIEM Query:
(source="centreon.log" AND ("Meta Service" OR "SQL error")) OR (db_query="SELECT|INSERT|UPDATE|DELETE" AND host="centreon_app_server")
Illustrative query: the parentheses matter, since without them the db_query clause matches on its own, and field names such as db_query and host depend on your SIEM and log schema.