CVE-2025-12519

EPSS 0.2%
Veröffentlicht 05.01.2026 10:15:08
Zuletzt bearbeitet 26.01.2026 15:08:32
Quelle bd4443e6-1eef-43f3-9886-25fc9c
CVE-Watchlists
Login
Unerledigt
Login

Information disclosure on Administration parameters API endpoint

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Centreon ≫ Centreon Web Version >= 24.04.0 < 24.04.19

Centreon ≫ Centreon Web Version >= 24.10.0 < 24.10.15

Centreon ≫ Centreon Web Version >= 25.10.0 < 25.10.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
bd4443e6-1eef-43f3-9886-25fc9ceeaae7	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/centreon/centreon/releases

Release Notes

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-12519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12519

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-12519