Centreon CVE 脆弱性と CVE 一覧（124）

製品（CPE）: — CVE 件数: 124

Centreon 脆弱性概要

Centreon 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk cross-site scripting and パス処理の欠陥などに関し、一部は vendor impact unexpected behavior を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2026-2750	Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	9.1	0.30%	2026-02-27	2026-03-23
CVE-2026-2749	Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	9.9	0.46%	2026-02-27	2026-03-23
CVE-2026-2751	Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	8.3	0.27%	2026-02-27	2026-03-09
CVE-2025-15029	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	9.8	11.20%	2026-01-05	2026-01-26
CVE-2025-15026	Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	9.8	0.37%	2026-01-05	2026-01-26
CVE-2025-12513	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.16%	2026-01-05	2026-01-26
CVE-2025-12511	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.16%	2026-01-05	2026-01-26
CVE-2025-13056	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.16%	2026-01-05	2026-01-26
CVE-2025-12519	Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	5.3	0.20%	2026-01-05	2026-01-26
CVE-2025-5965	In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	7.2	24.82%	2026-01-05	2026-01-26
CVE-2025-8460	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.20%	2025-12-22	2026-01-26
CVE-2025-54890	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.16%	2025-12-22	2026-01-26
CVE-2025-12514	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	7.2	0.26%	2025-12-22	2026-01-26
CVE-2025-10023	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.2	0.17%	2025-10-27	2026-01-26
CVE-2025-8459	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	7.7	0.22%	2025-10-14	2025-10-22
CVE-2025-8430	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.19%	2025-10-14	2025-10-22
CVE-2025-8429	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.19%	2025-10-14	2025-10-22
CVE-2025-54893	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.19%	2025-10-14	2025-10-22
CVE-2025-8428	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	6.8	0.22%	2025-10-14	2025-10-22
CVE-2025-5946	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.	bd4443e6-1eef-43f3-9886-25fc9ceeaae7	7.2	13.84%	2025-10-14	2025-10-22

cvelogic Threat Intelligence