CVE-2025-15029

Centreon · Centreon Infra Monitoring

Executive summary

A critical vulnerability, identified as CVE-2025-15029, has been discovered in Centreon Infra Monitoring. This flaw allows an unauthenticated attacker to execute arbitrary SQL commands against the system's database, potentially leading to a complete compromise of the monitoring infrastructure. Successful exploitation could result in data theft, modification of critical monitoring data, and unauthorized access to the network.

Vulnerability

The vulnerability is an unauthenticated SQL Injection flaw within the Awie export modules of Centreon Infra Monitoring. The application fails to properly sanitize user-supplied input before incorporating it into an SQL query. A remote, unauthenticated attacker can craft a malicious request to these modules, injecting arbitrary SQL commands that will be executed by the back-end database with the privileges of the application's database user. This can allow the attacker to read, modify, or delete any data in the database, and potentially escalate privileges to execute commands on the underlying operating system.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a severe impact on business operations. An attacker could gain unauthorized access to sensitive infrastructure monitoring data, network configurations, and potentially credentials stored within the Centreon database. Furthermore, by manipulating or deleting monitoring data and alerts, an attacker could disrupt IT operations, hide malicious activities, and cause significant diagnostic delays. A successful attack could lead to a full system compromise, data breach, operational downtime, and considerable reputational damage.

Remediation

Immediate Action: Update Centreon Infra Monitoring to a patched version immediately. The vendor has released the following secure versions: 25.10.2, 24.10.3, and 24.04.3. After patching, monitor for any signs of exploitation attempts by reviewing web server and application access logs for suspicious activity targeting the Awie export modules.

Proactive Monitoring: Implement enhanced monitoring of web server access logs for requests to Centreon endpoints, specifically looking for patterns indicative of SQL injection (e.g., UNION, SELECT, ' OR '1'='1, encoded SQL syntax). Monitor database logs for unusual or malformed queries originating from the Centreon application. Network traffic should be analyzed for anomalous connections or data exfiltration from the Centreon server.
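
The access-log review described under Proactive Monitoring, as an added example (not Centreon's code and not part of the original advisory): it percent-decodes each request target repeatedly so encoded SQL syntax becomes visible, then matches the indicators named above on requests under the Centreon path. The `/centreon/` prefix, the placeholder paths and parameter, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: Centreon is served under this URL prefix; adjust to your deployment.
CENTREON_PREFIX = "/centreon/"
# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Indicators named in the advisory, matched after decoding.
SQLI_RE = re.compile(
    r"\bunion\b.{0,40}\bselect\b"        # UNION ... SELECT
    r"|'\s*or\s*'?\d+'?\s*=\s*'?\d+"     # ' OR '1'='1 and close variants
    r"|\bselect\b.{0,80}\bfrom\b",       # SELECT ... FROM
    re.IGNORECASE | re.DOTALL)

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded SQL syntax is exposed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (client_ip, status, decoded_target) for suspicious Centreon requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        ip, _method, target, status = m.groups()
        decoded = fully_decode(target)
        if CENTREON_PREFIX in decoded.lower() and SQLI_RE.search(decoded):
            hits.append((ip, int(status), decoded))
    return hits

# Constructed sample lines: documentation IP ranges, placeholder paths and parameter.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /centreon/PLACEHOLDER_PAGE?id=7 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /centreon/PLACEHOLDER_EXPORT?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /centreon/PLACEHOLDER_EXPORT?id=1%2520UNION%2520SELECT%2520NULL HTTP/1.1" 500 0',
    '192.0.2.44 - - [01/Jan/2026:10:00:12 +0000] "GET /shop/search?q=select+a+plan+from+list HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The recorded status code helps triage: a hit answered with 200 deserves closer review of the matching database logs than one rejected by a WAF or the application.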

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

  • Deploy a Web Application Firewall (WAF) with a strict ruleset to detect and block SQL injection attacks against the Centreon web interface.
  • Restrict network access to the Centreon application, allowing connections only from trusted IP addresses and internal management networks.
  • If the Awie export modules are not business-critical, consider disabling them as a temporary measure until the patch can be applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical nature of this vulnerability, immediate action is required. We strongly recommend that all organizations using the affected versions of Centreon Infra Monitoring apply the vendor-supplied patches immediately to prevent potential compromise. This vulnerability represents a significant risk to the security and availability of your IT infrastructure. Although not currently listed on the CISA KEV list, its high impact and ease of exploitation make it a prime target for attackers, and patching should be treated as the highest priority.