CVE-2025-12511
Published 2026-01-05
CVE-2025-12511: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extension…
Priority: P4 21 · medium · 4.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.16% (5.9th percentile)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extension configuration modules) allows Stored XSS to a user with elevated privileges.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| centreon | dynamic_service_management | — | — |
| centreon | dynamic_service_management | >= 24.04.0 < 24.04.8 | 24.04.8 |
| centreon | dynamic_service_management | >= 24.10.0 < 24.10.4 | 24.10.4 |
| centreon | infra_monitoring | >= 24.04.0 < 24.04.8 | 24.04.8 |
| centreon | infra_monitoring | >= 24.10.0 < 24.10.4 | 24.10.4 |
| centreon | infra_monitoring | >= 25.10.0 < 25.10.1 | 25.10.1 |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-53864 [MEDIUM] com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
bugzilla · 2025-07-11 · CVSS 5.8
Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.
Discussion:
This issue has been addressed in the following products:
Streams for Apache Kafka 3.0.0
Via RHSA-2025:12511 https://access.redhat.com/errata/RHSA-2025:12511
Bugzilla
CVE-2025-48924 [MEDIUM] commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
bugzilla · 2025-07-11 · CVSS 5.3
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The ClassUtils.getClass(...) methods can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
Discussion:
This issue has been addressed in the following products:
Streams for Apache Kafka 3.0.0
Via RHSA-2025:12511 https://access.redhat.com/errat
Bugzilla
CVE-2024-13009 [HIGH] jetty-server: Jetty: Gzip Request Body Buffer Corruption
bugzilla · 2025-05-08 · CVSS 7.2
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
Discussion:
This issue has been addressed in the following products:
Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7
Via RHSA-2025:9697 https://access.redhat.com/errata/RHSA-2025:9697
---
This issue has been addressed in the following products:
Streams for Apache Kafka 2.9.1
Via RHSA-2025:9922 https://access.redhat.com/errata/RHSA-2025:9922
---
This issue has been addressed in the following products:
Streams for Apache Kafka 3.0.0
Via RHSA-2025:12511 https://access.redhat.c