Security Bulletin

CVE-2025-13056 - Centreon Web - MEDIUM Severity

  • January 8, 2026

lpinsivy
Centreonian

Publication date: January 8th, 2026

Components: centreon-web

Description: A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page.

Reference: CVE-2025-13056

CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

Severity: Medium

 

Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:

These versions include cumulative fixes from prior updates.

If you are using a High Availability platform, please be sure to follow the Centreon HA Update procedures.

Reporter: Marcelo Queiroz

 

Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

2 replies


@lpinsivy I’m unsure of a detail. Isn’t the 23.10 not maintained anymore?

The 23.10.29 dates from November 17, 2025 https://archives-docs.centreon.com/23.10/docs/releases/centreon-os/#231029

 

Is that simply a mistake or is there a security update on that release?

I see it’s a retroactive bulletin, but still.


lpinsivy
Centreonian
  • Author
  • January 8, 2026

Hi @Alexandre Belhomme, yes, the 23.10.X is not maintained anymore, but the fix was already developed and backported. I made a mistake in the publication date (copy-paste); I will change it.