CVE-2025-12519

MEDIUM

5.3

Description

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Details CVE

Score CVSS v3.15.3

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/5/2026

Derniere modification1/26/2026

Sourcenvd

Observations honeypot0

Produits affectes

centreon:centreon_web

Faiblesses (CWE)

CWE-862

References

https://github.com/centreon/centreon/releases(bd4443e6-1eef-43f3-9886-25fc9ceeaae7)

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359(bd4443e6-1eef-43f3-9886-25fc9ceeaae7)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.