CVE-2025-12511 Centreon — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.8 (MEDIUM)
Affected Versions	24.04.0 — 24.10.4
Fixed In	24.04.8
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Centreon
Public PoC	No

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 3

Configuration	From (including)	Up to (excluding)
Centreon Dynamic_Service_Management cpe:2.3:a:centreon:dynamic_service_management::::::::	`24.04.0`	`24.04.8`
Centreon Dynamic_Service_Management cpe:2.3:a:centreon:dynamic_service_management::::::::	`24.10.0`	`24.10.4`
Centreon Dynamic_Service_Management cpe:2.3:a:centreon:dynamic_service_management:25.10.0:::::::*	—	—