← Back to CVEs
CVE-2025-12519
MEDIUM5.3
Description
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/5/2026
Last Modified1/26/2026
Sourcenvd
Honeypot Sightings0
Affected Products
centreon:centreon_web
Weaknesses (CWE)
CWE-862
References
https://github.com/centreon/centreon/releases(bd4443e6-1eef-43f3-9886-25fc9ceeaae7)
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359(bd4443e6-1eef-43f3-9886-25fc9ceeaae7)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.