CVE-2025-4647

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4647
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/centreon/centreon/releases Release Notes
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
History

22 Oct 2025, 14:13

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o "Cross-site Scripting") en la web de Centreon permite XSS reflejado. Un usuario con privilegios elevados puede eludir las medidas de depuración reemplazando el contenido de un SVG existente. Este problema afecta a la web: desde la versión 24.10.0 hasta la 24.10.5, desde la versión 24.04.0 hasta la 24.04.11, desde la versión 23.10.0 hasta la 23.10.22, desde la versión 23.04.0 hasta la 23.04.27, desde la versión 22.10.0 hasta la 22.10.29.
References () https://github.com/centreon/centreon/releases - () https://github.com/centreon/centreon/releases - Release Notes
References () https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435 - () https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435 - Vendor Advisory
CPE cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
First Time Centreon
Centreon centreon Web

13 May 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-13 10:15

Updated : 2025-10-22 14:13

NVD link : CVE-2025-4647

Mitre link : CVE-2025-4647

CVE.ORG link : CVE-2025-4647

JSON object : View

Products Affected

centreon

  • centreon_web
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')