
Infra Monitoring — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Infra Monitoring, with AI-generated Chinese analysis, references, and POCs.

Vendor: Centreon

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2025-15029 | An unauthenticated user is able to introduce SQL Injection using the Awie export module | CWE-89 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-15026 | Unauthenticated configuration import allows administrative account creation using AWIE component | CWE-306 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-12511 | A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12513 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12519 | Information disclosure on Administration parameters API endpoint | CWE-862 | 5.3 | Medium | 2026-01-05 |
| CVE-2025-13056 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-5965 | RCE via the backup feature available only to user with high privilege | CWE-78 | 7.2 | High | 2026-01-05 |
| CVE-2025-54890 | A user with elevated privileges can inject XSS in the Hostgroups configuration page | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-8460 | A user with elevated privileges can inject XSS in the Notification rules configuration page | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-10023 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page | CWE-79 | 6.2 | Medium | 2025-10-27 |
| CVE-2025-8432 | CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON | CWE-276 | 8.4 | High | 2025-10-27 |
| CVE-2025-8459 | A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page | CWE-79 | 7.7 | High | 2025-10-14 |
| CVE-2025-8430 | A user with elevated privileges can inject XSS in the Commands Connectors configuration configuration page | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-8429 | A user with elevated privileges can inject XSS in the ACL Action access configuration page | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54893 | A user with elevated privileges can inject XSS in the Hosts templates configuration page | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54891 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54892 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54889 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-5946 | RCE via the poller reload feature available only to user with high privilege | CWE-78 | 7.2 | High | 2025-10-14 |
| CVE-2025-8428 | XSS found in the HTTP loader widget | CWE-79 | 6.8 | Medium | 2025-10-14 |

All 20 known CVE vulnerabilities affecting Infra Monitoring with full Chinese analysis, references, and POCs where available.