CVE-2025-6791

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-6791
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6791.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6791
Published
2025-08-22T18:56:28.027Z
Modified
2026-04-10T05:34:52.950412Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Second order SQL injection available to user with low privilege
Details

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.

Database specific 
{
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6791.json",
    "cna_assigner": "Centreon"
}
References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type
GIT
Repo
https://github.com/centreon/centreon
Events
Introduced
38e3f869ec4005acb857c92e3e2671bfa60879b4
Fixed
1e0cdcd3ead34e3dd6885dd1ef2c34fe7d9613d0
Database specific 
{
    "versions": [
        {
            "introduced": "24.10.0"
        },
        {
            "fixed": "24.10.9"
        }
    ]
}
Type
GIT
Repo
https://github.com/centreon/centreon
Events
Introduced
7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3
Fixed
56cbee29e93524392ff915beb120bc0371b1af7b
Database specific 
{
    "versions": [
        {
            "introduced": "24.04.0"
        },
        {
            "fixed": "24.04.16"
        }
    ]
}
Type
GIT
Repo
https://github.com/centreon/centreon
Events
Introduced
755448bcd365969a97e902b856a1e5f56d80adaa
Fixed
7b641c278db5fe0088a2043f2573f0815453e47c
Database specific 
{
    "versions": [
        {
            "introduced": "23.10.0"
        },
        {
            "fixed": "23.10.26"
        }
    ]
}

Affected versions

centreon-awie-23.*
centreon-awie-23.10.0
centreon-awie-24.*
centreon-awie-24.04.0
centreon-awie-24.04.1
centreon-awie-24.10.0
centreon-awie-24.10.1
centreon-dsm-23.*
centreon-dsm-23.10.0
centreon-dsm-23.10.1
centreon-dsm-23.10.2
centreon-dsm-23.10.3
centreon-dsm-24.*
centreon-dsm-24.04.0
centreon-dsm-24.04.2
centreon-dsm-24.04.3
centreon-dsm-24.04.4
centreon-dsm-24.04.5
centreon-dsm-24.10.0
centreon-dsm-24.10.1
centreon-gorgone-23.*
centreon-gorgone-23.10.0
centreon-gorgone-23.10.1
centreon-gorgone-23.10.2
centreon-gorgone-23.10.3
centreon-gorgone-23.10.5
centreon-gorgone-23.10.6
centreon-gorgone-23.10.7
centreon-gorgone-23.10.8
centreon-gorgone-23.10.9
centreon-gorgone-24.*
centreon-gorgone-24.04.0
centreon-gorgone-24.04.1
centreon-gorgone-24.04.2
centreon-ha-23.*
centreon-ha-23.10.0
centreon-ha-24.*
centreon-ha-24.04.0
centreon-ha-24.10.0
centreon-open-tickets-23.*
centreon-open-tickets-23.10.0
centreon-open-tickets-23.10.1
centreon-open-tickets-23.10.2
centreon-open-tickets-23.10.3
centreon-open-tickets-24.*
centreon-open-tickets-24.04.0
centreon-open-tickets-24.04.1
centreon-open-tickets-24.04.2
centreon-open-tickets-24.04.3
centreon-open-tickets-24.04.4
centreon-open-tickets-24.10.0
centreon-open-tickets-24.10.1
centreon-open-tickets-24.10.2
centreon-open-tickets-24.10.3
centreon-web-23.*
centreon-web-23.10.0
centreon-web-23.10.1
centreon-web-23.10.11
centreon-web-23.10.12
centreon-web-23.10.13
centreon-web-23.10.14
centreon-web-23.10.15
centreon-web-23.10.16
centreon-web-23.10.17
centreon-web-23.10.18
centreon-web-23.10.19
centreon-web-23.10.2
centreon-web-23.10.20
centreon-web-23.10.21
centreon-web-23.10.22
centreon-web-23.10.23
centreon-web-23.10.24
centreon-web-23.10.25
centreon-web-23.10.3
centreon-web-23.10.4
centreon-web-23.10.5
centreon-web-23.10.6
centreon-web-23.10.7
centreon-web-23.10.8
centreon-web-23.10.9
centreon-web-24.*
centreon-web-24.04.0
centreon-web-24.04.10
centreon-web-24.04.11
centreon-web-24.04.12
centreon-web-24.04.13
centreon-web-24.04.14
centreon-web-24.04.15
centreon-web-24.04.2
centreon-web-24.04.3
centreon-web-24.04.4
centreon-web-24.04.5
centreon-web-24.04.6
centreon-web-24.04.7
centreon-web-24.04.8
centreon-web-24.04.9
centreon-web-24.10.0
centreon-web-24.10.1
centreon-web-24.10.2
centreon-web-24.10.3
centreon-web-24.10.4
centreon-web-24.10.5
centreon-web-24.10.6
centreon-web-24.10.8
centreon-widget-engine-status-23.*
centreon-widget-engine-status-23.10.0
centreon-widget-global-health-23.*
centreon-widget-global-health-23.10.0
centreon-widget-graph-monitoring-23.*
centreon-widget-graph-monitoring-23.10.0
centreon-widget-graph-monitoring-23.10.1
centreon-widget-host-monitoring-23.*
centreon-widget-host-monitoring-23.10.0
centreon-widget-host-monitoring-23.10.1
centreon-widget-host-monitoring-23.10.2
centreon-widget-host-monitoring-23.10.4
centreon-widget-hostgroup-monitoring-23.*
centreon-widget-hostgroup-monitoring-23.10.0
centreon-widget-hostgroup-monitoring-23.10.1
centreon-widget-hostgroup-monitoring-23.10.2
centreon-widget-httploader-23.*
centreon-widget-httploader-23.10.0
centreon-widget-live-top10-cpu-usage-23.*
centreon-widget-live-top10-cpu-usage-23.10.0
centreon-widget-live-top10-cpu-usage-23.10.1
centreon-widget-live-top10-memory-usage-23.*
centreon-widget-live-top10-memory-usage-23.10.0
centreon-widget-live-top10-memory-usage-23.10.1
centreon-widget-ntopng-listing-23.*
centreon-widget-ntopng-listing-23.10.0
centreon-widget-service-monitoring-23.*
centreon-widget-service-monitoring-23.10.0
centreon-widget-service-monitoring-23.10.1
centreon-widget-service-monitoring-23.10.2
centreon-widget-servicegroup-monitoring-23.*
centreon-widget-servicegroup-monitoring-23.10.0
centreon-widget-servicegroup-monitoring-23.10.1
centreon-widget-single-metric-23.*
centreon-widget-single-metric-23.10.0
centreon-widget-tactical-overview-23.*
centreon-widget-tactical-overview-23.10.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6791.json"