Vulnerability-Lookup

CVE-2025-4650 (GCVE-0-2025-4650)

Vulnerability from cvelistv5 – Published: 2025-08-22 18:50 – Updated: 2025-08-22 19:01

Title

User with high privileges is able to introduce a SQLi using the Meta Service indicator page

Summary

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

Centreon

References

URL

Tags

	https://github.com/centreon/centreon/releases	release-notes
	https://thewatch.centreon.com/latest-security-bul…	vendor-advisory

Impacted products

	Vendor	Product	Version
	Centreon	web	Affected: 24.10.0 , < 24.10.9 (semver) Affected: 24.04.0 , < 24.04.16 (semver) Affected: 23.10.0 , < 23.10.26 (semver)

Credits

SpawnZii for YesWeHack

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T19:01:00.491601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-22T19:01:11.903Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Meta service indicator page"
          ],
          "product": "web",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "24.10.9",
              "status": "affected",
              "version": "24.10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.04.16",
              "status": "affected",
              "version": "24.04.0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.10.26",
              "status": "affected",
              "version": "23.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "SpawnZii for YesWeHack"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.\u003c/p\u003e"
            }
          ],
          "value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T18:56:49.007Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/centreon/centreon/releases"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2025-4650",
    "datePublished": "2025-08-22T18:50:42.034Z",
    "dateReserved": "2025-05-13T11:40:55.019Z",
    "dateUpdated": "2025-08-22T19:01:11.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4650\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-22T19:01:00.491601Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-22T19:01:05.703Z\"}}], \"cna\": {\"title\": \"User with high privileges is able to introduce a SQLi using the Meta Service indicator page\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"SpawnZii for YesWeHack\"}], \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-66 SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Centreon\", \"modules\": [\"Meta service indicator page\"], \"product\": \"web\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.10.0\", \"lessThan\": \"24.10.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.04.0\", \"lessThan\": \"24.04.16\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.10.0\", \"lessThan\": \"23.10.26\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/centreon/centreon/releases\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"bd4443e6-1eef-43f3-9886-25fc9ceeaae7\", \"shortName\": \"Centreon\", \"dateUpdated\": \"2025-08-22T18:56:49.007Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-4650\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-22T19:01:11.903Z\", \"dateReserved\": \"2025-05-13T11:40:55.019Z\", \"assignerOrgId\": \"bd4443e6-1eef-43f3-9886-25fc9ceeaae7\", \"datePublished\": \"2025-08-22T18:50:42.034Z\", \"assignerShortName\": \"Centreon\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-Q7XG-5X7P-MH5Q

Vulnerability from github – Published: 2025-08-22 21:31 – Updated: 2025-08-22 21:31

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-4650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T19:15:38Z",
    "severity": "HIGH"
  },
  "details": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.",
  "id": "GHSA-q7xg-5x7p-mh5q",
  "modified": "2025-08-22T21:31:16Z",
  "published": "2025-08-22T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4650"
    },
    {
      "type": "WEB",
      "url": "https://github.com/centreon/centreon/releases"
    },
    {
      "type": "WEB",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0662

Vulnerability from certfr_avis - Published: 2025-08-07 - Updated: 2025-08-07

De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Centreon	License Manager	License Manager versions antérieures 24.10.x à 24.10.3
Centreon	License Manager	License Manager versions antérieures à 23.10.6
Centreon	Web	Centreon versions antérieures à 23.10.26
Centreon	Web	Centreon versions antérieures 24.04.x à 24.04.16
Centreon	License Manager	License Manager versions antérieures 24.04.x à 24.04.5
Centreon	Web	Centreon versions antérieures 24.10.x à 24.10.9

References

Title

Publication Time

CNVD-2025-24418

Vulnerability from cnvd - Published: 2025-10-21

Title

Centreon Web SQL注入漏洞（CNVD-2025-24418）

Description

Centreon Web是法国Centreon公司的一套开源的系统监控工具。该产品主要提供对网络、系统和应用程序等资源的监控功能。 Centreon Web存在安全漏洞，该漏洞源于Meta Service指标页面存在SQL注入。攻击者可利用该漏洞执行SQL注入攻击。

Severity

高

Patch Name

Centreon Web SQL注入漏洞（CNVD-2025-24418）的补丁

Patch Description

Centreon Web是法国Centreon公司的一套开源的系统监控工具。该产品主要提供对网络、系统和应用程序等资源的监控功能。 Centreon Web存在安全漏洞，该漏洞源于Meta Service指标页面存在SQL注入。攻击者可利用该漏洞执行SQL注入攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://github.com/centreon/centreon/releases

Reference

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901 https://github.com/centreon/centreon/releases https://access.redhat.com/security/cve/cve-2025-4650 https://nvd.nist.gov/vuln/detail/CVE-2025-4650

Impacted products

Name
['Centreon Centreon Web >=24.10.0，<24.10.9', 'Centreon Centreon Web >=24.04.0，<24.04.16', 'Centreon Centreon Web >=23.10.0，<23.10.26']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-4650",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-4650"
    }
  },
  "description": "Centreon Web\u662f\u6cd5\u56fdCentreon\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7cfb\u7edf\u76d1\u63a7\u5de5\u5177\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u63d0\u4f9b\u5bf9\u7f51\u7edc\u3001\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u7b49\u8d44\u6e90\u7684\u76d1\u63a7\u529f\u80fd\u3002\n\nCentreon Web\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eMeta Service\u6307\u6807\u9875\u9762\u5b58\u5728SQL\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884cSQL\u6ce8\u5165\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://github.com/centreon/centreon/releases",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-24418",
  "openTime": "2025-10-21",
  "patchDescription": "Centreon Web\u662f\u6cd5\u56fdCentreon\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7cfb\u7edf\u76d1\u63a7\u5de5\u5177\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u63d0\u4f9b\u5bf9\u7f51\u7edc\u3001\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u7b49\u8d44\u6e90\u7684\u76d1\u63a7\u529f\u80fd\u3002\r\n\r\nCentreon Web\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eMeta Service\u6307\u6807\u9875\u9762\u5b58\u5728SQL\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884cSQL\u6ce8\u5165\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Centreon Web SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2025-24418\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Centreon Centreon Web \u003e=24.10.0\uff0c\u003c24.10.9",
      "Centreon Centreon Web \u003e=24.04.0\uff0c\u003c24.04.16",
      "Centreon Centreon Web \u003e=23.10.0\uff0c\u003c23.10.26"
    ]
  },
  "referenceLink": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901\r\nhttps://github.com/centreon/centreon/releases\r\nhttps://access.redhat.com/security/cve/cve-2025-4650\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4650",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-17",
  "title": "Centreon Web SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2025-24418\uff09"
}

FKIE_CVE-2025-4650

Vulnerability from fkie_nvd - Published: 2025-08-22 19:15 - Updated: 2025-10-22 14:05

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	https://github.com/centreon/centreon/releases	Release Notes
	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901	Vendor Advisory

Impacted products

Vendor	Product	Version
centreon	centreon_web	*
centreon	centreon_web	*
centreon	centreon_web	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C26D15FD-EFFC-48FE-BC84-A518F91148DB",
              "versionEndExcluding": "23.10.26",
              "versionStartIncluding": "23.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19652073-5857-4F6A-85E0-A2B35E36AA25",
              "versionEndExcluding": "24.04.16",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E5A4E9-BADF-463F-9632-200EFFDC8F36",
              "versionEndExcluding": "24.10.9",
              "versionStartIncluding": "24.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26."
    },
    {
      "lang": "es",
      "value": "Un usuario con privilegios elevados puede introducir un SQLi mediante la p\u00e1gina indicadora de Metaservicio. Esto se debe a una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL. Este problema afecta a la web: desde la versi\u00f3n 24.10.0 hasta la 24.10.9, desde la versi\u00f3n 24.04.0 hasta la 24.04.16, desde la versi\u00f3n 23.10.0 hasta la 23.10.26."
    }
  ],
  "id": "CVE-2025-4650",
  "lastModified": "2025-10-22T14:05:53.193",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-22T19:15:38.980",
  "references": [
    {
      "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/centreon/centreon/releases"
    },
    {
      "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
    }
  ],
  "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-4650 (GCVE-0-2025-4650)

GHSA-Q7XG-5X7P-MH5Q

CERTFR-2025-AVI-0662

Solutions

CNVD-2025-24418

FKIE_CVE-2025-4650

Tags

Sightings

Nomenclature