Centreon — Vulnerabilities & Security Advisories 51

Browse all 51 CVE security advisories affecting Centreon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Centreon operates as an enterprise IT monitoring solution, primarily managing network infrastructure, servers, and applications to ensure operational continuity. Its architecture, which integrates web interfaces with backend agents, has historically exposed it to a wide array of security flaws. Among the 51 recorded Common Vulnerabilities and Exposures (CVEs), remote code execution and cross-site scripting are prevalent, often stemming from insufficient input validation in its web console. Additionally, privilege escalation vulnerabilities have allowed unauthorized users to gain administrative control, while SQL injection flaws have facilitated data exfiltration. These issues frequently arise from complex plugin architectures and legacy codebases. While recent updates have addressed critical paths, the sheer volume of past incidents highlights the challenges inherent in maintaining secure, feature-rich monitoring platforms. Organizations must prioritize regular patching and strict access controls to mitigate these persistent risks effectively.

Found 20 results / 51
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-15029 | An unauthenticated user is able to introduce SQL Injection using the Awie export module — Infra Monitoring | CWE-89 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-15026 | Unauthenticated configuration import allows administrative account creation using AWIE component — Infra Monitoring | CWE-306 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-12511 | A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12513 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12519 | Information disclosure on Administration parameters API endpoint — Infra Monitoring | CWE-862 | 5.3 | Medium | 2026-01-05 |
| CVE-2025-13056 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-5965 | RCE via the backup feature available only to user with high privilege — Infra Monitoring | CWE-78 | 7.2 | High | 2026-01-05 |
| CVE-2025-54890 | A user with elevated privileges can inject XSS in the Hostgroups configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-8460 | A user with elevated privileges can inject XSS in the Notification rules configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-10023 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page — Infra Monitoring | CWE-79 | 6.2 | Medium | 2025-10-27 |
| CVE-2025-8432 | CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON — Infra Monitoring | CWE-276 | 8.4 | High | 2025-10-27 |
| CVE-2025-8459 | A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page — Infra Monitoring | CWE-79 | 7.7 | High | 2025-10-14 |
| CVE-2025-8430 | A user with elevated privileges can inject XSS in the Commands Connectors configuration configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-8429 | A user with elevated privileges can inject XSS in the ACL Action access configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54893 | A user with elevated privileges can inject XSS in the Hosts templates configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54891 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54892 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54889 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-5946 | RCE via the poller reload feature available only to user with high privilege — Infra Monitoring | CWE-78 | 7.2 | High | 2025-10-14 |
| CVE-2025-8428 | XSS found in the HTTP loader widget — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |

This page lists every published CVE security advisory associated with Centreon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.