彙總 Centreon 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 異常行為,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-2750 | Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 9.1 | 0.30% | 2026-02-27 | 2026-06-17 |
| CVE-2026-2749 | Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 9.9 | 0.46% | 2026-02-27 | 2026-06-17 |
| CVE-2026-2751 | Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 8.3 | 0.27% | 2026-02-27 | 2026-06-17 |
| CVE-2025-15029 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 9.8 | 11.20% | 2026-01-05 | 2026-06-17 |
| CVE-2025-15026 | Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 9.8 | 0.37% | 2026-01-05 | 2026-06-17 |
| CVE-2025-12513 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.16% | 2026-01-05 | 2026-06-17 |
| CVE-2025-12511 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.16% | 2026-01-05 | 2026-06-17 |
| CVE-2025-13056 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.16% | 2026-01-05 | 2026-06-17 |
| CVE-2025-12519 | Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 5.3 | 0.20% | 2026-01-05 | 2026-06-17 |
| CVE-2025-5965 | In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 7.2 | 24.82% | 2026-01-05 | 2026-06-17 |
| CVE-2025-8460 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.20% | 2025-12-22 | 2026-06-17 |
| CVE-2025-54890 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.16% | 2025-12-22 | 2026-06-17 |
| CVE-2025-12514 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 7.2 | 0.26% | 2025-12-22 | 2026-06-17 |
| CVE-2025-10023 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.2 | 0.17% | 2025-10-27 | 2026-06-17 |
| CVE-2025-8432 | Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 8.4 | 0.34% | 2025-10-27 | 2026-06-17 |
| CVE-2025-8459 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 7.7 | 0.22% | 2025-10-14 | 2026-06-17 |
| CVE-2025-8430 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.19% | 2025-10-14 | 2026-06-17 |
| CVE-2025-8429 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.19% | 2025-10-14 | 2026-06-17 |
| CVE-2025-54893 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.19% | 2025-10-14 | 2026-06-17 |
| CVE-2025-8428 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 6.8 | 0.22% | 2025-10-14 | 2026-06-17 |