Cross-Site Scripting Vulnerability in Centreon Infra Monitoring
CVE-2025-12513

6.8MEDIUM

Key Information:

Vendor

Centreon

Status
Infra Monitoring
Vendor
CVE Published:
5 January 2026

What is CVE-2025-12513?

A Cross-Site Scripting (XSS) vulnerability exists in Centreon Infra Monitoring, specifically in the Hosts configuration form modules. This flaw allows users with elevated privileges to execute malicious scripts in a web browser, potentially compromising sensitive data and user sessions. The vulnerability affects specific versions of Infra Monitoring within ranges identified, highlighting the need for immediate remediation to protect against exploitation.

Affected Version(s)

Infra Monitoring 25.10.0 < 25.10.2

Infra Monitoring 24.10.0 < 24.10.15

Infra Monitoring 24.04.0 < 24.04.19

References

https://github.com/centreon/centreon/releases
release-notes
https://thewatch.centreon.com/latest-security-bulletins-6...
vendor-advisory

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcelo Queiroz
.