Centreon Infra Monitoring vulnerabilities
20 known vulnerabilities affecting centreon/infra_monitoring.
Total CVEs
20
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM15
Vulnerabilities
Page 1 of 1
CVE-2025-5946P2HIGHCVSS 7.2PoC≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-5946 [HIGH] CWE-78 CVE-2025-5946: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection.
On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command.
This iss
nvd
CVE-2025-15029P2CRITICALCVSS 9.8≥ 25.10.0, < 25.10.2≥ 24.10.0, < 24.10.3+1 more2026-01-05
CVE-2025-15029 [CRITICAL] CWE-89 CVE-2025-15029: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
nvd
CVE-2025-5965P2HIGHCVSS 7.2≥ 25.10.0, < 25.10.2≥ 24.10.0, < 24.10.15+1 more2026-01-05
CVE-2025-5965 [HIGH] CWE-78 CVE-2025-5965: In the backup parameters, a user with high privilege is able to concatenate custom instructions to t
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects
nvd
CVE-2025-15026P2CRITICALCVSS 9.8≥ 25.10.0, < 25.10.2≥ 24.10.0, < 24.10.3+1 more2026-01-05
CVE-2025-15026 [CRITICAL] CWE-306 CVE-2025-15026: Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awi
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
nvd
CVE-2025-8432P3HIGHCVSS 8.4≥ 24.10.0, < 24.10.6≥ 24.04.0, < 24.04.9+1 more2025-10-27
CVE-2025-8432 [HIGH] CWE-276 CVE-2025-8432: Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedd
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.
nvd
CVE-2025-12519P4MEDIUMCVSS 5.3≥ 25.10.0, < 25.10.2≥ 24.10.0, < 24.10.15+1 more2026-01-05
CVE-2025-12519 [MEDIUM] CWE-862 CVE-2025-12519: Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endp
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 2
nvd
CVE-2025-8459P4MEDIUMCVSS 5.4≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-8459 [MEDIUM] CWE-79 CVE-2025-8459: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
nvd
CVE-2025-8428P4MEDIUMCVSS 5.4≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-8428 [MEDIUM] CWE-79 CVE-2025-8428: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
nvd
CVE-2025-54892P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-54892 [MEDIUM] CWE-79 CVE-2025-54892: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules)
allows Stored XSS by users with elevated privileges.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.1
nvd
CVE-2025-54889P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-54889 [MEDIUM] CWE-79 CVE-2025-54889: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 befor
nvd
CVE-2025-54891P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-54891 [MEDIUM] CWE-79 CVE-2025-54891: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored
XSS by users with elevated privileges.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 2
nvd
CVE-2025-8429P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-8429 [MEDIUM] CWE-79 CVE-2025-8429: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored
XSS by users with elevated privileges.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10
nvd
CVE-2025-54893P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-54893 [MEDIUM] CWE-79 CVE-2025-54893: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored
XSS by users with elevated privileges.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10
nvd
CVE-2025-8430P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.13≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-8430 [MEDIUM] CWE-79 CVE-2025-8430: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored
XSS by users with elevated privileges.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.
nvd
CVE-2025-8460P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.5≥ 24.04.0, < 24.04.5+1 more2025-12-22
CVE-2025-8460 [MEDIUM] CWE-79 CVE-2025-8460: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module)
allows Stored
XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
nvd
CVE-2025-10023P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.9≥ 24.04.0, < 24.04.16+1 more2025-10-27
CVE-2025-10023 [MEDIUM] CWE-79 CVE-2025-10023: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules)
allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
nvd
CVE-2025-12511P4MEDIUMCVSS 4.8≥ 25.10.0, < 25.10.1≥ 24.10.0, < 24.10.4+1 more2026-01-05
CVE-2025-12511 [MEDIUM] CWE-79 CVE-2025-12511: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS
to user with elevated privileges.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.
nvd
CVE-2025-12513P4MEDIUMCVSS 4.8≥ 25.10.0, < 25.10.2≥ 24.10.0, < 24.10.15+1 more2026-01-05
CVE-2025-12513 [MEDIUM] CWE-79 CVE-2025-12513: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
nvd
CVE-2025-13056P4MEDIUMCVSS 4.8≥ 25.10.0, < 25.10.2≥ 24.10.0, < 24.10.15+1 more2026-01-05
CVE-2025-13056 [MEDIUM] CWE-79 CVE-2025-13056: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules)
allows Stored XSS to users with high privileges.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24
nvd
CVE-2025-54890P4MEDIUMCVSS 4.8≥ 24.10.0, < 24.10.15≥ 24.04.0, < 24.04.19+1 more2025-12-22
CVE-2025-54890 [MEDIUM] CWE-79 CVE-2025-54890: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored
XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.
nvd