An unauthenticated user is able to introduce SQL Injection using...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.

This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

AI Analysis

SQL Injection vulnerability in Centreon Infra Monitoring via Awie export module

Basic Information

ID CVE-2025-15029

Source Centreon

Published Jan 5, 2026 at 14:34

Affected Product

Vendor Centreon

Product Infra Monitoring

Version 25.10.0

Affected Versions Centreon Infra Monitoring 25.10.0
Centreon Infra Monitoring 24.10.0
Centreon Infra Monitoring 24.04.0

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Centreon

Product Infra Monitoring

Version 25.10.0, 24.10.0, 24.04.0

References

github.com /centreon/centreon/releases

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.",
    "published": "2026-01-05T14:34:02.986Z",
    "modified": "2026-01-05T14:34:02.986Z",
    "type": "cve",
    "title": "An unauthenticated user is able to introduce SQL Injection using the Awie export module",
    "source": "Centreon",
    "references": "https://github.com/centreon/centreon/releases",
    "id": "CVE-2025-15029",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Centreon Infra Monitoring 25.10.0\nCentreon Infra Monitoring 24.10.0\nCentreon Infra Monitoring 24.04.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Infra Monitoring",
    "version": "25.10.0",
    "vendor": "Centreon",
    "ai_description": "SQL Injection vulnerability in Centreon Infra Monitoring via Awie export module",
    "ai_severity": "Critical",
    "ai_vendor": "Centreon",
    "ai_product": "Infra Monitoring",
    "ai_version": "25.10.0, 24.10.0, 24.04.0",
    "ai_score": 9.8
}

An unauthenticated user is able to introduce SQL Injection using the Awie export module_CVE-2025-15029