CVE-2025-3872 Privilege escalation by altering payload in contact form

🗓️ 24 Apr 2025 09:19:33Reported by CentreonType

CVE-2025-3872 allows privilege escalation via SQL Injection in Centreon contact form payload alteration.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-3872	24 Apr 202510:08	–	circl
CNNVD	Centreon 安全漏洞	24 Apr 202500:00	–	cnnvd
CVE	CVE-2025-3872	24 Apr 202509:19	–	cve
EUVD	EUVD-2025-12118	3 Oct 202520:07	–	euvd
NVD	CVE-2025-3872	24 Apr 202510:15	–	nvd
OSV	CVE-2025-3872 Privilege escalation by altering payload in contact form	24 Apr 202509:19	–	osv
Positive Technologies	PT-2025-17722 · Centreon · Centreon Web	24 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-3872	26 Apr 202510:13	–	redhatcve
Vulnrichment	CVE-2025-3872 Privilege escalation by altering payload in contact form	24 Apr 202509:19	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "User configuration form"
    ],
    "packageName": "centreon-web",
    "product": "Centreon",
    "vendor": "Centreon",
    "versions": [
      {
        "lessThan": "22.10.28",
        "status": "affected",
        "version": "22.10.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.04.25",
        "status": "affected",
        "version": "23.04.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.10.20",
        "status": "affected",
        "version": "23.10.0",
        "versionType": "semver"
      },
      {
        "lessThan": "24.04.10",
        "status": "affected",
        "version": "24.04.0",
        "versionType": "semver"
      },
      {
        "lessThan": "24.10.4",
        "status": "affected",
        "version": "24.10.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/centreon/centreon/releases
thewatch	www.thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55571-centreon-web-high-severity-4496

24 Apr 2025 09:19Current

CVSS 3.17.2

EPSS0.00102

CWE-89