CVE-2025-3767: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Centreon Centreon BAM

Medium
Published: Tue Apr 22 2025 (04/22/2025, 15:16:24 UTC)
Source: CVE
Vendor/Project: Centreon
Product: Centreon BAM

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPI Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.

AI-Powered Analysis

Last updated: 06/21/2025, 20:36:21 UTC

Technical Analysis

CVE-2025-3767 is a SQL Injection vulnerability identified in the Centreon BAM product, specifically within the Boolean KPI Listing modules. Centreon BAM is a business activity monitoring tool used to visualize and analyze IT infrastructure and service performance data. The vulnerability arises due to improper neutralization of special elements in SQL commands, classified under CWE-89. This means that user-supplied input is not adequately sanitized or parameterized before being incorporated into SQL queries, allowing an attacker to manipulate the query structure. Exploitation of this vulnerability could enable an authenticated user with high privileges to execute arbitrary SQL commands against the backend database. This could lead to unauthorized data access, data modification, or even deletion, compromising the confidentiality, integrity, and availability of the monitored data and potentially the monitoring system itself. The vulnerability affects multiple versions of Centreon BAM, including 23.04 (before 23.04.10), 23.10 (before 23.10.10), 24.04 (before 24.04.5), and 24.10 (before 24.10.1). Access to the vulnerable page requires authentication with elevated privileges, which limits the attack surface to insiders or attackers who have already compromised user credentials with sufficient rights. As of the publication date, no known exploits are reported in the wild, but the presence of this vulnerability in a critical monitoring tool poses a significant risk if weaponized. Centreon BAM is widely used in enterprise environments for IT service monitoring, making this vulnerability relevant for organizations relying on this product for operational visibility and incident response.
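As an added illustration of the flaw class described above and of the fix, this is not Centreon's code: the `bam_kpi` table, its columns and the sample rows are constructed assumptions. It contrasts a KPI listing query built by string concatenation (the CWE-89 pattern) with a hardened version that binds the search value as a parameter and allow-lists the sort column, which cannot be bound as a parameter.

```python
import sqlite3

# Constructed stand-in for a KPI listing table; not Centreon's schema.
SAMPLE_ROWS = [
    ("Core switch uptime", "boolean", 1),
    ("DB 'primary' reachable", "boolean", 1),
    ("Payment API latency", "metric", 0),
]
# Identifiers cannot be bound as parameters, so sort columns are allow-listed.
ALLOWED_SORT_COLUMNS = {"name", "kind", "enabled"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bam_kpi (name TEXT, kind TEXT, enabled INTEGER)")
    conn.executemany("INSERT INTO bam_kpi VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_kpis_vulnerable(conn, search, sort):
    # The CWE-89 pattern: user input is spliced into the statement text, so a
    # quote in `search` or an unexpected `sort` value alters the query structure.
    sql = (
        "SELECT name FROM bam_kpi WHERE kind = 'boolean' "
        f"AND name LIKE '%{search}%' ORDER BY {sort}"
    )
    return [row[0] for row in conn.execute(sql)]


def list_kpis_hardened(conn, search, sort):
    # Reject any sort column outside the allow-list before it reaches the SQL text.
    if sort not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort!r}")
    # Escape LIKE wildcards so user input matches literally, then bind the value.
    pattern = "%" + search.replace("%", r"\%").replace("_", r"\_") + "%"
    sql = (
        "SELECT name FROM bam_kpi WHERE kind = 'boolean' "
        f"AND name LIKE ? ESCAPE '\\' ORDER BY {sort}"
    )
    return [row[0] for row in conn.execute(sql, (pattern,))]


def query_fails(fn, conn, search, sort):
    # True when the listing function rejects the input or the query breaks.
    try:
        fn(conn, search, sort)
        return False
    except (sqlite3.OperationalError, ValueError):
        return True
```

A name containing a quote breaks the concatenated query but is matched literally by the hardened one, and an unknown sort column is refused instead of being executed.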

Potential Impact

For European organizations, the impact of this vulnerability can be substantial. Centreon BAM is often deployed in critical infrastructure, telecommunications, finance, and government sectors to monitor IT services and business processes. Exploitation could allow attackers to extract sensitive operational data, manipulate monitoring results, or disrupt monitoring services, leading to delayed detection of incidents or misinformed decision-making. This can degrade the overall security posture and operational resilience of affected organizations. Furthermore, unauthorized database access could expose confidential business metrics or personal data, raising compliance concerns under GDPR and other data protection regulations. The requirement for high-privilege authentication reduces the likelihood of external exploitation but increases the risk from insider threats or compromised privileged accounts. Given the strategic importance of IT monitoring in maintaining service continuity, exploitation could indirectly impact availability of critical services, potentially affecting large user bases or essential public services in Europe.

Mitigation Recommendations

To mitigate this vulnerability, organizations should prioritize updating Centreon BAM to the fixed versions: 23.04.10, 23.10.10, 24.04.5, or 24.10.1 as applicable. If immediate patching is not feasible, restrict access to the Centreon BAM interface to trusted networks and enforce strict access controls limiting high-privilege accounts. Implement multi-factor authentication (MFA) for all privileged users to reduce the risk of credential compromise. Conduct regular audits of user privileges and monitor for unusual activity within the Centreon BAM environment. Additionally, review and harden database permissions to ensure the application account has the minimum necessary rights, limiting the impact of potential SQL injection exploitation. Employ web application firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the vulnerable modules. Finally, enhance logging and alerting on Centreon BAM to detect anomalous queries or access patterns that may indicate exploitation attempts.

Technical Details

Data Version
5.1
Assigner Short Name
Centreon
Date Reserved
2025-04-17T14:36:19.597Z
Cisa Enriched
true

Threat ID: 682d9849c4522896dcbf6de5

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 8:36:21 PM

Last updated: 7/31/2025, 6:34:57 AM
