CVE-2025-4648

Published: May 13, 2025Modified: Oct 22, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Exploitability: 1.7 / Impact: 3.7

Source: NVD

Description

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

Affected (5)

Products: Centreon: Centreon Web

Centreon

1 product

Centreon Web

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Centreon Centreon Web	From 22.10.0 to 22.10.29
Centreon Centreon Web	From 23.04.0 to 23.04.27
Centreon Centreon Web	From 23.10.0 to 23.10.22
Centreon Centreon Web	From 24.04.0 to 24.04.11
Centreon Centreon Web	From 24.10.0 to 24.10.5

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/centreon/centreon/releases

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Release Notes

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55575-centreon-web-high-severity-4434

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Vendor Advisory

Timeline

No history available yet.