cbcvebase.
CVE-2025-12519
published 2026-01-05

CVE-2025-12519: Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly…

PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.20%
9.8th percentile
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Affected

6 ranges
VendorProductVersion rangeFixed in
centreoncentreon_web>= 24.04.0 < 24.04.1924.04.19
centreoncentreon_web>= 24.10.0 < 24.10.1524.10.15
centreoncentreon_web>= 25.10.0 < 25.10.225.10.2
centreoninfra_monitoring>= 24.04.0 < 24.04.1924.04.19
centreoninfra_monitoring>= 24.10.0 < 24.10.1524.10.15
centreoninfra_monitoring>= 25.10.0 < 25.10.225.10.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.