CVE-2025-12511

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-12511

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12511.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-12511

Published

2026-01-05T14:05:52.794Z

Modified

2026-03-01T02:54:14.043584Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS

to user with elevated privileges.

This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.

Database specific

{
    "cna_assigner": "Centreon",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12511.json"
}

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type

GIT

Repo

https://github.com/centreon/centreon

Events

Introduced

2490802617f615c4e1b9f70fb92a2a3499c50261

Fixed

f37ca863272fa79ac19fa767d77a7ed8c2144c9d

Database specific

{
    "versions": [
        {
            "introduced": "25.10.0"
        },
        {
            "fixed": "25.10.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/centreon/centreon

Events

Introduced

38e3f869ec4005acb857c92e3e2671bfa60879b4

Fixed

2b60094f046e35ab15b364f099c8ba9028f1ffae

Database specific

{
    "versions": [
        {
            "introduced": "24.10.0"
        },
        {
            "fixed": "24.10.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/centreon/centreon

Events

Introduced

7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3

Fixed

190a7b7b7601f74d6d86b74d91c3b5e13663bde1

Database specific

{
    "versions": [
        {
            "introduced": "24.04.0"
        },
        {
            "fixed": "24.04.8"
        }
    ]
}

Affected versions

centreon-awie-24.*

centreon-awie-24.04.0

centreon-awie-24.10.0

centreon-awie-25.*

centreon-awie-25.10.0

centreon-dsm-24.*

centreon-dsm-24.04.0

centreon-dsm-24.04.2

centreon-dsm-24.10.0

centreon-dsm-25.*

centreon-dsm-25.10.0

centreon-gorgone-24.*

centreon-gorgone-24.04.0

centreon-gorgone-24.04.1

centreon-gorgone-24.04.2

centreon-ha-24.*

centreon-ha-24.04.0

centreon-ha-25.*

centreon-ha-25.10.0

centreon-open-tickets-24.*

centreon-open-tickets-24.04.0

centreon-open-tickets-24.04.1

centreon-open-tickets-24.10.0

centreon-open-tickets-24.10.1

centreon-open-tickets-25.*

centreon-open-tickets-25.10.0

centreon-web-24.*

centreon-web-24.04.0

centreon-web-24.04.2

centreon-web-24.04.3

centreon-web-24.04.4

centreon-web-24.04.5

centreon-web-24.04.6

centreon-web-24.04.7

centreon-web-24.10.0

centreon-web-24.10.1

centreon-web-24.10.2

centreon-web-24.10.3

centreon-web-25.*

centreon-web-25.10.0

release-onprem-20251000-25.*

release-onprem-20251000-25.10

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12511.json"