Publication date: September 24th, 2025
Components: centreon-web
Description: A user with minimal rights (monitoring) can inject a JavaScript payload into a custom view in order to spoof an administrator's or supervisor's session.
Reference: CVE-2025-8428
CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C)
Severity: Medium
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:
These versions include cumulative fixes from prior updates.
Reporter: SpawnZii - PGM12268-17