平台
other
组件
awie
修复版本
25.10.2
24.10.3
24.04.3
CVE-2025-15029 describes a critical SQL Injection vulnerability discovered in the Awie export modules of Centreon Infra Monitoring. This vulnerability allows an unauthenticated attacker to inject malicious SQL code, potentially gaining unauthorized access to sensitive data and compromising the system. The vulnerability affects versions 24.04.0 through 25.10.2, and a fix is available in version 25.10.2.
The SQL Injection vulnerability in Centreon Infra Monitoring's Awie export modules poses a significant risk. An attacker could leverage this flaw to bypass authentication and directly execute arbitrary SQL queries against the underlying database. This could lead to the exfiltration of sensitive data, including user credentials, monitoring configurations, and potentially even system logs. Furthermore, successful exploitation could allow an attacker to modify or delete data, disrupt monitoring services, or even gain control of the Centreon server itself. The unauthenticated nature of the vulnerability amplifies the potential impact, as it requires no prior access or credentials to exploit.
CVE-2025-15029 was publicly disclosed on 2026-01-05. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability is considered high probability due to its CRITICAL severity and the ease of exploitation via unauthenticated access. It has not yet been added to the CISA KEV catalog.
Organizations heavily reliant on Centreon Infra Monitoring for infrastructure visibility and alerting are particularly at risk. Shared hosting environments where multiple Centreon instances share a database are also vulnerable, as a compromise of one instance could potentially impact others. Legacy deployments using older versions of Centreon are especially susceptible.
• linux / server: Examine Centreon's database logs (typically in /var/log/mysql/error.log or similar) for unusual SQL queries or error messages related to injection attempts. Use journalctl -u mysql to filter for relevant events.
• database (mysql): Execute the following query to check for potentially malicious stored procedures or functions:
SHOW PROCEDURE STATUS WHERE Db = 'centreon' AND Name LIKE '%injection%';• generic web: Use curl to test the vulnerable endpoint with a simple SQL injection payload (e.g., curl 'http://your-centreon-server/awie/export?param=1' UNION SELECT 1,2,3 -- -). Analyze the response for errors or unexpected data.
disclosure
漏洞利用状态
EPSS
0.05% (14% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-15029 is to immediately upgrade Centreon Infra Monitoring to version 25.10.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. While a direct WAF rule is difficult to create due to the nature of SQL injection, strict input validation on all user-supplied data used in SQL queries is crucial. Review and harden database user permissions, limiting access to only necessary data. Monitor database logs for suspicious SQL activity. After upgrading, confirm the fix by attempting to trigger the vulnerable endpoint with a known SQL injection payload and verifying that it is properly sanitized.
Actualice Centreon Infra Monitoring a la versión 25.10.2, 24.10.3 o 24.04.3, o posterior, según corresponda. Esto corregirá la vulnerabilidad de inyección SQL en el módulo Awie export.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-15029 is a critical SQL Injection vulnerability in Centreon Infra Monitoring's Awie export modules, allowing unauthenticated attackers to execute SQL commands.
You are affected if you are running Centreon Infra Monitoring versions 24.04.0 through 25.10.2.
Upgrade to version 25.10.2 or later. Implement input validation and restrict database user permissions as temporary mitigations.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention.
Refer to the official Centreon security advisory for detailed information and updates: [https://security.centreon.com/advisories/](https://security.centreon.com/advisories/)