{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.10.0"
              },
              {
                "fixed": "24.10.9"
              }
            ]
          },
          "events": [
            {
              "introduced": "38e3f869ec4005acb857c92e3e2671bfa60879b4"
            },
            {
              "fixed": "1e0cdcd3ead34e3dd6885dd1ef2c34fe7d9613d0"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.04.0"
              },
              {
                "fixed": "24.04.16"
              }
            ]
          },
          "events": [
            {
              "introduced": "7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3"
            },
            {
              "fixed": "56cbee29e93524392ff915beb120bc0371b1af7b"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "23.10.0"
              },
              {
                "fixed": "23.10.26"
              }
            ]
          },
          "events": [
            {
              "introduced": "755448bcd365969a97e902b856a1e5f56d80adaa"
            },
            {
              "fixed": "7b641c278db5fe0088a2043f2573f0815453e47c"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Centreon",
    "cwe_ids": [
      "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4650.json"
  },
  "details": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.",
  "id": "CVE-2025-4650",
  "modified": "2026-03-04T02:35:10.540208808Z",
  "published": "2025-08-22T18:50:42.034Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4650.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/centreon/centreon/releases"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4650"
    },
    {
      "type": "ADVISORY",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page"
}