Publication date: December 18th, 2025
Components: centreon-open-tickets
Description: A user with elevated privileges can perform SQL injection through the Open-tickets Notification rules configuration parameters.
Reference: CVE-2025-8460
CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
Severity: Medium
Status: Fixes have been provided for all supported versions. It is recommended to update Centreon Web on the Central Server:
- Centreon Open Tickets 25.10.0
- Centreon Open Tickets 24.10.5
- Centreon Open Tickets 24.04.5
- Centreon Open Tickets 23.10.4
These versions include cumulative fixes from prior updates.
To avoid losing any customization made to your OpenTicket provider, create a backup of your configuration before performing the update.
If you are using a High Availability platform, make sure to follow the Centreon HA Update procedures.
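To compare an installed Centreon Open Tickets version with the fixed releases listed above, a small shell check can help. This is an added example, not Centreon's own tooling; the function names, the output labels and the stripping of a package release suffix such as "-1.el9" are assumptions.

```shell
#!/bin/sh
# Added example (not Centreon code): compare a Centreon Open Tickets version
# with the fixed releases this bulletin lists for CVE-2025-8460.

# Fixed release for each supported branch, as listed in the bulletin.
fixed_for_branch() {
    case "$1" in
        25.10) echo "25.10.0" ;;
        24.10) echo "24.10.5" ;;
        24.04) echo "24.04.5" ;;
        23.10) echo "23.10.4" ;;
        *) return 1 ;;
    esac
}

# Prints one of: fixed, needs-update (...), unlisted, invalid.
open_tickets_status() {
    ver=${1%%-*}   # assumption: drop a package release suffix like "-1.el9"
    if ! printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo "invalid"
        return 0
    fi
    branch=${ver%.*}   # e.g. 24.10
    patch=${ver##*.}   # e.g. 3
    if ! fixed=$(fixed_for_branch "$branch"); then
        echo "unlisted"   # branch is not among the versions in the bulletin
        return 0
    fi
    if [ "$patch" -ge "${fixed##*.}" ]; then
        echo "fixed"
    else
        echo "needs-update (fixed in $fixed)"
    fi
}

# Usage: sh check.sh 24.10.3
if [ "$#" -gt 0 ]; then
    open_tickets_status "$1"
fi
```

A result of "unlisted" means the branch is not one of the versions named in this bulletin, so the bulletin gives no fixed release to compare against.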
Reporter: Marcelo Quieroz
