CVE-2025-12519
Missing Authorization in Centreon Infra Monitoring Causes Data Disclosure
Publication date: 2026-01-05
Last updated on: 2026-01-05
Assigner: Centreon
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| centreon | infra_monitoring | From 25.10.0 (inc) to 25.10.2 (exc) |
| centreon | infra_monitoring | From 24.10.0 (inc) to 24.10.15 (exc) |
| centreon | infra_monitoring | From 24.04.0 (inc) to 24.04.19 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in Centreon Infra Monitoring's Administration parameters API endpoint modules. It allows unauthorized users to access functionality that is not properly restricted by Access Control Lists (ACLs), leading to information disclosure such as details about downtime or acknowledgement configurations.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information related to system downtime and acknowledgement configurations. This could potentially allow attackers to gain insights into system status and monitoring configurations, which may be used to plan further attacks or disrupt operations.