CVE-2025-6791 is a high-severity SQL Injection vulnerability affecting Centreon web, specifically within the monitoring event logs modules. The flaw arises due to improper neutralization of special elements in SQL commands, allowing an attacker to manipulate HTTP requests to inject malicious SQL payloads into the backend database. This vulnerability impacts multiple versions of Centreon web, including 23.10.0 before 23.10.26, 24.04.0 before 24.04.16, and 24.10.0 before 24.10.9. The vulnerability is classified under CWE-89, indicating that the application fails to properly sanitize or parameterize user input before incorporating it into SQL queries. Exploitation requires network access (AV:N), low attack complexity (AC:L), and privileges (PR:L), but no user interaction (UI:N). The vulnerability affects confidentiality, integrity, and availability (C:H/I:H/A:H), meaning an attacker with limited privileges can potentially read, modify, or delete sensitive data, or disrupt service availability. Although no known exploits are currently reported in the wild, the high CVSS score of 8.8 underscores the critical nature of this flaw. Centreon is a widely used IT infrastructure monitoring solution, and the event logs module is a critical component for operational visibility, making this vulnerability particularly concerning for organizations relying on Centreon for monitoring and alerting.

For European organizations, the impact of CVE-2025-6791 can be significant. Centreon is commonly deployed in enterprise environments, including government agencies, telecommunications, finance, and critical infrastructure sectors across Europe. Successful exploitation could lead to unauthorized data access, including sensitive monitoring data and potentially credentials stored in the database. Attackers could also alter or delete monitoring logs, undermining incident detection and response capabilities. This could result in prolonged undetected breaches or operational disruptions. Additionally, the ability to execute arbitrary SQL commands could allow attackers to pivot within the network, escalate privileges, or disrupt monitoring services, impacting business continuity. Given the reliance on Centreon for real-time infrastructure monitoring, exploitation could degrade the security posture and operational resilience of European organizations, increasing the risk of cascading failures or compliance violations under regulations like GDPR.

To mitigate this vulnerability, European organizations should prioritize upgrading Centreon web to the fixed versions: 23.10.26, 24.04.16, or 24.10.9 or later. If immediate patching is not feasible, organizations should implement strict network segmentation to restrict access to the Centreon web interface, limiting it to trusted administrative networks. Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the monitoring event logs page can provide interim protection. Additionally, review and harden user privilege assignments to minimize the number of users with the required privileges to exploit this vulnerability (PR:L). Regularly audit and monitor Centreon logs for unusual query patterns or anomalies that could indicate attempted exploitation. Finally, incorporate this vulnerability into incident response plans and conduct targeted penetration testing to verify the effectiveness of mitigations.