CVE-2025-12519

MEDIUM

Centreon Infra Monitoring <25.10.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

References (2)

Core 2

Scores

CVSS v3 5.3
EPSS 0.0020
EPSS Percentile 9.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
centreon/centreon_web 24.04.0 - 24.04.19
Published Jan 05, 2026
Tracked Since Feb 18, 2026