Centreon — Vulnerabilities & Security Advisories 51

Browse all 51 CVE security advisories affecting Centreon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Centreon operates as an enterprise IT monitoring solution, primarily managing network infrastructure, servers, and applications to ensure operational continuity. Its architecture, which integrates web interfaces with backend agents, has historically exposed it to a wide array of security flaws. Among the 51 recorded Common Vulnerabilities and Exposures (CVEs), remote code execution and cross-site scripting are prevalent, often stemming from insufficient input validation in its web console. Additionally, privilege escalation vulnerabilities have allowed unauthorized users to gain administrative control, while SQL injection flaws have facilitated data exfiltration. These issues frequently arise from complex plugin architectures and legacy codebases. While recent updates have addressed critical paths, the sheer volume of past incidents highlights the challenges inherent in maintaining secure, feature-rich monitoring platforms. Organizations must prioritize regular patching and strict access controls to mitigate these persistent risks effectively.

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2749 | Path traversal in Centreon Open Tickets | | 9.9 | Critical | 2026-02-27 |
| CVE-2026-2750 | Command Injection via CLAPI generatetraps — Centreon Open Tickets on Central Server | CWE-20 | 9.1 | Critical | 2026-02-27 |
| CVE-2026-2751 | Blind SQL Injection — Centreon Web on Central Server | | 8.3 | High | 2026-02-27 |
| CVE-2025-15029 | An unauthenticated user is able to introduce SQL Injection using the AWIE export module — Infra Monitoring | CWE-89 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-15026 | Unauthenticated configuration import allows administrative account creation using AWIE component — Infra Monitoring | CWE-306 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-12511 | A user with elevated privileges can inject XSS in the DSM Administration's Extensions configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12513 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12519 | Information disclosure on Administration parameters API endpoint — Infra Monitoring | CWE-862 | 5.3 | Medium | 2026-01-05 |
| CVE-2025-13056 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-5965 | RCE via the backup feature available only to users with high privileges — Infra Monitoring | CWE-78 | 7.2 | High | 2026-01-05 |
| CVE-2025-54890 | A user with elevated privileges can inject XSS in the Hostgroups configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-12514 | A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters — Infra Monitoring - Open-tickets | CWE-89 | 7.2 | High | 2025-12-22 |
| CVE-2025-8460 | A user with elevated privileges can inject XSS in the Notification rules configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-10023 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page — Infra Monitoring | CWE-79 | 6.2 | Medium | 2025-10-27 |
| CVE-2025-8432 | CentreonBI user account on the MBI server can execute commands as root by modifying a script run by CRON — Infra Monitoring | CWE-276 | 8.4 | High | 2025-10-27 |
| CVE-2025-8459 | A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page — Infra Monitoring | CWE-79 | 7.7 | High | 2025-10-14 |
| CVE-2025-8430 | A user with elevated privileges can inject XSS in the Commands Connectors configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-8429 | A user with elevated privileges can inject XSS in the ACL Action access configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54893 | A user with elevated privileges can inject XSS in the Hosts templates configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54891 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54892 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54889 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-5946 | RCE via the poller reload feature available only to users with high privileges — Infra Monitoring | CWE-78 | 7.2 | High | 2025-10-14 |
| CVE-2025-8428 | XSS found in the HTTP loader widget — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-6791 | Second-order SQL injection available to users with low privileges — web | CWE-89 | 8.8 | High | 2025-08-22 |
| CVE-2025-4650 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page — web | CWE-89 | 7.2 | High | 2025-08-22 |
| CVE-2025-4649 | ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. — web | CWE-755 | 4.9 | Medium | 2025-05-13 |
| CVE-2025-4648 | A user with elevated privileges can inject XSS by altering the content of an SVG media file during the submit request. — web | CWE-434 | 8.4 | High | 2025-05-13 |
| CVE-2025-4647 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG — web | CWE-79 | 8.4 | High | 2025-05-13 |
| CVE-2025-4646 | A high-privilege user is able to create and use a valid admin API token in centreon-web — web | CWE-863 | 7.2 | High | 2025-05-13 |

This page lists every published CVE security advisory associated with Centreon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.