PT-2025-20881 · Centreon · Centreon Web
Published
2025-05-13
·
Updated
2025-10-22
·
CVE-2025-4648
CVSS v3.1
8.4
High
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Centreon web versions 22.10.0 through 22.10.29
Centreon web versions 23.04.0 through 23.04.27
Centreon web versions 23.10.0 through 23.10.22
Centreon web versions 24.04.0 through 24.04.11
Centreon web versions 24.10.0 through 24.10.5
Description:
The issue affects Centreon web, allowing a Reflected XSS attack due to a Download of Code Without Integrity Check vulnerability. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
Recommendations:
For versions 22.10.0 through 22.10.29, update to a version after 22.10.29.
For versions 23.04.0 through 23.04.27, update to a version after 23.04.27.
For versions 23.10.0 through 23.10.22, update to a version after 23.10.22.
For versions 24.04.0 through 24.04.11, update to a version after 24.04.11.
For versions 24.10.0 through 24.10.5, update to a version after 24.10.5.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Centreon Web