Search criteria
8 vulnerabilities found for AWIE by Centreon
CERTFR-2026-AVI-0015
Vulnerability from certfr_avis - Published: 2026-01-08 - Updated: 2026-01-08
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | DSM | DSM versions 23.10.x antérieures à 23.10.5 | ||
| Centreon | DSM | DSM versions 25.10.x antérieures à 25.10.1 | ||
| Centreon | DSM | DSM versions 24.10.x antérieures à 24.10.4 | ||
| Centreon | Web | Web versions 25.10.x antérieures à 25.10.2 | ||
| Centreon | AWIE | AWIE versions 24.10.x antérieures à 24.10.3 | ||
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.15 | ||
| Centreon | AWIE | AWIE versions 24.04.x antérieures à 24.04.3 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.29 | ||
| Centreon | DSM | DSM versions 24.04.x antérieures à 24.04.8 | ||
| Centreon | AWIE | AWIE versions 25.10.x antérieures à 25.10.2 | ||
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.19 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DSM versions 23.10.x ant\u00e9rieures \u00e0 23.10.5",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "DSM versions 25.10.x ant\u00e9rieures \u00e0 25.10.1",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "DSM versions 24.10.x ant\u00e9rieures \u00e0 24.10.4",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 25.10.x ant\u00e9rieures \u00e0 25.10.2",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "AWIE versions 24.10.x ant\u00e9rieures \u00e0 24.10.3",
"product": {
"name": "AWIE",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.15",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "AWIE versions 24.04.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "AWIE",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.29",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "DSM versions 24.04.x ant\u00e9rieures \u00e0 24.04.8",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "AWIE versions 25.10.x ant\u00e9rieures \u00e0 25.10.2",
"product": {
"name": "AWIE",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-15026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15026"
},
{
"name": "CVE-2025-12513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12513"
},
{
"name": "CVE-2025-13056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13056"
},
{
"name": "CVE-2025-5965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5965"
},
{
"name": "CVE-2025-12519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12519"
},
{
"name": "CVE-2025-15029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15029"
},
{
"name": "CVE-2025-12511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12511"
}
],
"initial_release_date": "2026-01-08T00:00:00",
"last_revision_date": "2026-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-15026-centreon-awie-critical-severity-5357",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-5965-centreon-web-high-severity-5362",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12513-centreon-web-medium-severity-5360",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12513-centreon-web-medium-severity-5360"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-15029-centreon-awie-critical-severity-5356",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12519-centreon-web-medium-severity-5359",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-13056-centreon-web-medium-severity-5358",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12511-centreon-dsm-medium-severity-5361",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12511-centreon-dsm-medium-severity-5361"
}
]
}
CVE-2025-15029 (GCVE-0-2025-15029)
Vulnerability from nvd – Published: 2026-01-05 14:34 – Updated: 2026-01-08 15:42
VLAI?
Title
An unauthenticated user is able to introduce SQL Injection using the Awie export module
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Infra Monitoring |
Affected:
25.10.0 , < 25.10.2
(custom)
Affected: 24.10.0 , < 24.10.3 (custom) Affected: 24.04.0 , < 24.04.3 (custom) |
Credits
marceloQJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T16:46:04.070265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T17:20:52.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Awie export"
],
"product": "Infra Monitoring",
"vendor": "Centreon",
"versions": [
{
"lessThan": "25.10.2",
"status": "affected",
"version": "25.10.0",
"versionType": "custom"
},
{
"lessThan": "24.10.3",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.3",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "marceloQJ"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.\n\n\u003cp\u003eThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:42:26.198Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An unauthenticated user is able to introduce SQL Injection using the Awie export module",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-15029",
"datePublished": "2026-01-05T14:34:02.986Z",
"dateReserved": "2025-12-22T14:27:26.825Z",
"dateUpdated": "2026-01-08T15:42:26.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15026 (GCVE-0-2025-15026)
Vulnerability from nvd – Published: 2026-01-05 14:31 – Updated: 2026-01-08 15:42
VLAI?
Title
Unauthenticated configuration import allows administrative account creation using AWIE component
Summary
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Infra Monitoring |
Affected:
25.10.0 , < 25.10.2
(custom)
Affected: 24.10.0 , < 24.10.3 (custom) Affected: 24.04.0 , < 24.04.3 (custom) |
Credits
marceloQJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T21:19:51.218301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:19:59.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Awie import"
],
"packageName": "centreon-awie",
"product": "Infra Monitoring",
"vendor": "Centreon",
"versions": [
{
"lessThan": "25.10.2",
"status": "affected",
"version": "25.10.0",
"versionType": "custom"
},
{
"lessThan": "24.10.3",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.3",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "marceloQJ"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.\n\n\u003cp\u003eThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:42:06.582Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated configuration import allows administrative account creation using AWIE component",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-15026",
"datePublished": "2026-01-05T14:31:34.223Z",
"dateReserved": "2025-12-22T09:36:24.995Z",
"dateUpdated": "2026-01-08T15:42:06.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-15029
Vulnerability from fkie_nvd - Published: 2026-01-05 15:15 - Updated: 2026-01-26 15:30
Severity ?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:centreon:awie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C79E858-3E29-4916-9516-E1B7E3EF62B0",
"versionEndExcluding": "24.04.3",
"versionStartIncluding": "24.04.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:centreon:awie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2DA74C-7DB5-47F3-A8E8-7F55E4C73B7B",
"versionEndExcluding": "24.10.3",
"versionStartIncluding": "24.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:centreon:awie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79268CBB-6F6E-45DF-89AA-0D47A201D600",
"versionEndExcluding": "25.10.2",
"versionStartIncluding": "25.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3."
}
],
"id": "CVE-2025-15029",
"lastModified": "2026-01-26T15:30:13.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"type": "Secondary"
}
]
},
"published": "2026-01-05T15:15:44.330",
"references": [
{
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"tags": [
"Release Notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356"
}
],
"sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-15026
Vulnerability from fkie_nvd - Published: 2026-01-05 15:15 - Updated: 2026-01-26 15:30
Severity ?
Summary
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:centreon:awie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C79E858-3E29-4916-9516-E1B7E3EF62B0",
"versionEndExcluding": "24.04.3",
"versionStartIncluding": "24.04.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:centreon:awie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2DA74C-7DB5-47F3-A8E8-7F55E4C73B7B",
"versionEndExcluding": "24.10.3",
"versionStartIncluding": "24.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:centreon:awie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79268CBB-6F6E-45DF-89AA-0D47A201D600",
"versionEndExcluding": "25.10.2",
"versionStartIncluding": "25.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3."
}
],
"id": "CVE-2025-15026",
"lastModified": "2026-01-26T15:30:46.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"type": "Secondary"
}
]
},
"published": "2026-01-05T15:15:44.177",
"references": [
{
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"tags": [
"Release Notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357"
}
],
"sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"type": "Secondary"
}
]
}
CVE-2025-15029 (GCVE-0-2025-15029)
Vulnerability from cvelistv5 – Published: 2026-01-05 14:34 – Updated: 2026-01-08 15:42
VLAI?
Title
An unauthenticated user is able to introduce SQL Injection using the Awie export module
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Infra Monitoring |
Affected:
25.10.0 , < 25.10.2
(custom)
Affected: 24.10.0 , < 24.10.3 (custom) Affected: 24.04.0 , < 24.04.3 (custom) |
Credits
marceloQJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T16:46:04.070265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T17:20:52.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Awie export"
],
"product": "Infra Monitoring",
"vendor": "Centreon",
"versions": [
{
"lessThan": "25.10.2",
"status": "affected",
"version": "25.10.0",
"versionType": "custom"
},
{
"lessThan": "24.10.3",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.3",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "marceloQJ"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.\n\n\u003cp\u003eThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:42:26.198Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An unauthenticated user is able to introduce SQL Injection using the Awie export module",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-15029",
"datePublished": "2026-01-05T14:34:02.986Z",
"dateReserved": "2025-12-22T14:27:26.825Z",
"dateUpdated": "2026-01-08T15:42:26.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15026 (GCVE-0-2025-15026)
Vulnerability from cvelistv5 – Published: 2026-01-05 14:31 – Updated: 2026-01-08 15:42
VLAI?
Title
Unauthenticated configuration import allows administrative account creation using AWIE component
Summary
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Infra Monitoring |
Affected:
25.10.0 , < 25.10.2
(custom)
Affected: 24.10.0 , < 24.10.3 (custom) Affected: 24.04.0 , < 24.04.3 (custom) |
Credits
marceloQJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T21:19:51.218301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:19:59.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Awie import"
],
"packageName": "centreon-awie",
"product": "Infra Monitoring",
"vendor": "Centreon",
"versions": [
{
"lessThan": "25.10.2",
"status": "affected",
"version": "25.10.0",
"versionType": "custom"
},
{
"lessThan": "24.10.3",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.3",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "marceloQJ"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.\n\n\u003cp\u003eThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:42:06.582Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated configuration import allows administrative account creation using AWIE component",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-15026",
"datePublished": "2026-01-05T14:31:34.223Z",
"dateReserved": "2025-12-22T09:36:24.995Z",
"dateUpdated": "2026-01-08T15:42:06.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}