Browse all 51 CVE security advisories affecting Centreon. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Centreon operates as an enterprise IT monitoring solution, primarily managing network infrastructure, servers, and applications to ensure operational continuity. Its architecture, which integrates web interfaces with backend agents, has historically exposed it to a wide array of security flaws. Among the 51 recorded Common Vulnerabilities and Exposures (CVEs), remote code execution and cross-site scripting are prevalent, often stemming from insufficient input validation in its web console. Additionally, privilege escalation vulnerabilities have allowed unauthorized users to gain administrative control, while SQL injection flaws have facilitated data exfiltration. These issues frequently arise from complex plugin architectures and legacy codebases. While recent updates have addressed critical paths, the sheer volume of past incidents highlights the challenges inherent in maintaining secure, feature-rich monitoring platforms. Organizations must prioritize regular patching and strict access controls to mitigate these persistent risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6791 | Second order SQL injection available to user with low privilege — web, CWE-89 | 8.8 | High | 2025-08-22 |
| CVE-2025-4650 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page — web, CWE-89 | 7.2 | High | 2025-08-22 |
| CVE-2025-4649 | ACL are not correctly taken into account in the display of the "event logs" page. This page, requiring high privileges, will display all available logs. — web, CWE-755 | 4.9 | Medium | 2025-05-13 |
| CVE-2025-4648 | A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. — web, CWE-434 | 8.4 | High | 2025-05-13 |
| CVE-2025-4647 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG — web, CWE-79 | 8.4 | High | 2025-05-13 |
| CVE-2025-4646 | A high privilege user is able to create and use a valid admin API token in centreon-web — web, CWE-863 | 7.2 | High | 2025-05-13 |
This page lists every published CVE security advisory associated with Centreon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.