CVE-2025-3767 HIGH

CVE-2025-3767: SQL Injection in Centreon BAM boolean KPI listing

Vendor: Centreon
Product: Centreon BAM
Weakness: CWE-89 · SQLi
Published: April 22, 2025
Last update: April 22, 2025

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPI Listing modules) allows SQL Injection. The affected page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.

Key dates

02 Disclosure timeline

April 22, 2025: CVE published
April 22, 2025: Record updated