CVE-2025-12514

SQL Injection

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-12514

Summary

A user with elevated privileges can perform SQL injection through the configuration parameters of the Open-tickets Notification rules.

Impact

  • Unauthorized access to sensitive data (e.g., users, passwords, logs).
  • Database enumeration (schemas, tables, users, versions).
  • Escalation to RCE depending on DB configuration (e.g., xp_cmdshell, UDFs).
  • Full compromise of the application if chained with other vulnerabilities.
  • This issue affects all users and environments, as it does not require authentication and is reachable via a public endpoint.

Reference

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12514-centreon-open-tickets-high-severity-5343

Finder

Marcelo Queiroz

By: CVE-Hunters
