CVE-2025-12514 identifies a SQL Injection vulnerability in Centreon Infra Monitoring's Open-tickets module, specifically within notification rules configuration parameters and open tickets modules. The root cause is improper neutralization of special elements in SQL commands, allowing malicious input to alter SQL queries. This vulnerability affects multiple versions: 23.10.0 before 23.10.4, 24.04.0 before 24.04.5, and 24.10.0 before 24.10.5. An attacker with elevated privileges can exploit this flaw remotely over the network without requiring user interaction, enabling them to execute arbitrary SQL commands on the backend database. This can lead to unauthorized data disclosure, modification, or deletion, and potentially full system compromise. The vulnerability has a CVSS 3.1 base score of 7.2, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. No public exploits are known at this time, but the risk remains significant due to the critical nature of monitoring systems in enterprise environments. Centreon Infra Monitoring is widely used in IT infrastructure monitoring, making this vulnerability a serious concern for organizations relying on it for operational continuity.

For European organizations, the impact of CVE-2025-12514 can be severe. Centreon Infra Monitoring is often deployed in enterprise IT environments, including critical infrastructure sectors such as energy, telecommunications, and finance. Exploitation could allow attackers to manipulate monitoring data, hide alerts, or disrupt incident response processes, potentially leading to prolonged outages or undetected breaches. Confidential information stored in the monitoring system's database could be exposed or altered, undermining trust and compliance with data protection regulations like GDPR. The requirement for elevated privileges limits the attack surface but insider threats or compromised privileged accounts could facilitate exploitation. Disruption of monitoring services can have cascading effects on operational technology and business continuity. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score underscores the urgency for European organizations to address this vulnerability promptly.

1. Apply official patches from Centreon as soon as they are released for affected versions (23.10.x, 24.04.x, 24.10.x). 2. Restrict elevated privileges strictly to trusted personnel and implement strong authentication mechanisms such as multi-factor authentication (MFA) for privileged accounts. 3. Conduct thorough input validation and sanitization on all user-supplied data, especially within notification rules and open tickets modules, to prevent injection attacks. 4. Monitor database queries and application logs for unusual or suspicious activity indicative of SQL Injection attempts. 5. Employ Web Application Firewalls (WAFs) with rules tailored to detect and block SQL Injection patterns targeting Centreon Infra Monitoring. 6. Regularly audit user permissions and review access controls to minimize the risk of privilege escalation. 7. Implement network segmentation to isolate monitoring infrastructure from less trusted network zones. 8. Educate administrators and users with elevated privileges about the risks and signs of exploitation attempts. 9. Prepare incident response plans specifically addressing potential monitoring system compromises to enable rapid containment and recovery.