Centreon Infra Monitoring
20 CVEs affecting Centreon Infra Monitoring. Latest disclosed: 2026-01-05. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-15029 | Critical | 9.8 | 2026-01-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQ… |
CVE-2025-15026 | Critical | 9.8 | 2026-01-05 | Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not P… |
CVE-2025-8432 | High | 8.4 | 2025-10-27 | Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on th… |
CVE-2025-8459 | High | 7.7 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent do… |
CVE-2025-5965 | High | 7.2 | 2026-01-05 | In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Element… |
CVE-2025-5946 | High | 7.2 | 2025-10-14 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in t… |
CVE-2025-12513 | Medium | 6.8 | 2026-01-05 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration for… |
CVE-2025-12511 | Medium | 6.8 | 2026-01-05 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configura… |
CVE-2025-13056 | Medium | 6.8 | 2026-01-05 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu… |
CVE-2025-8460 | Medium | 6.8 | 2025-12-22 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Ope… |
CVE-2025-54890 | Medium | 6.8 | 2025-12-22 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration… |
CVE-2025-8430 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors con… |
CVE-2025-8429 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access confi… |
CVE-2025-54893 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configu… |
CVE-2025-8428 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modu… |
CVE-2025-54892 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group config… |
CVE-2025-54891 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access con… |
CVE-2025-54889 | Medium | 6.8 | 2025-10-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer… |
CVE-2025-10023 | Medium | 6.2 | 2025-10-27 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services… |
CVE-2025-12519 | Medium | 5.3 | 2026-01-05 | Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly C… |