CVE-2025-4648
Published:May 13, 2025
Updated:May 17, 2026
Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Affected Packages
https://github.com/centreon/centreon.git (GITHUB):
Affected version(s) >=centreon-web-24.04.0 <centreon-web-24.04.11Fix Suggestion:
Update to version centreon-web-24.04.11https://github.com/centreon/centreon.git (GITHUB):
Affected version(s) >=centreon-web-23.10.0 <centreon-web-23.10.22Fix Suggestion:
Update to version centreon-web-23.10.22https://github.com/centreon/centreon.git (GITHUB):
Affected version(s) >=centreon-web-23.04.0 <centreon-web-23.04.27Fix Suggestion:
Update to version centreon-web-23.04.27https://github.com/centreon/centreon.git (GITHUB):
Affected version(s) >=centreon-web-22.10.2 <centreon-web-22.10.29Fix Suggestion:
Update to version centreon-web-22.10.29https://github.com/centreon/centreon.git (GITHUB):
Affected version(s) >=centreon-web-24.10.0 <centreon-web-24.10.5Fix Suggestion:
Update to version centreon-web-24.10.5Related Resources (2)
Do you need more information?
Contact UsCVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Unrestricted Upload of File with Dangerous Type
EPSS
Base Score:
0.29