{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12519", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "state": "PUBLISHED", "assignerShortName": "Centreon", "dateReserved": "2025-10-30T15:49:52.593Z", "datePublished": "2026-01-05T10:15:08.921Z", "dateUpdated": "2026-01-08T15:41:12.866Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Administration parameters API endpoint"], "product": "Infra Monitoring", "vendor": "Centreon", "versions": [{"lessThan": "25.10.2", "status": "affected", "version": "25.10.0", "versionType": "custom"}, {"lessThan": "24.10.15", "status": "affected", "version": "24.10.0", "versionType": "custom"}, {"lessThan": "24.04.19", "status": "affected", "version": "24.04.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Marcelo Quieroz"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations.&nbsp;<p>This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.</p>"}], "value": "Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations.\u00a0This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19."}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2026-01-08T15:41:12.866Z"}, "references": [{"tags": ["release-notes"], "url": "https://github.com/centreon/centreon/releases"}, {"tags": ["vendor-advisory"], "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359"}], "source": {"discovery": "UNKNOWN"}, "title": "Information disclosure on Administration parameters API endpoint", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-05T20:28:11.833421Z", "id": "CVE-2025-12519", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:28:27.978Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12519", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-05T20:28:11.833421Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:28:20.988Z"}}], "cna": {"title": "Information disclosure on Administration parameters API endpoint", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Marcelo Quieroz"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Centreon", "modules": ["Administration parameters API endpoint"], "product": "Infra Monitoring", "versions": [{"status": "affected", "version": "25.10.0", "lessThan": "25.10.2", "versionType": "custom"}, {"status": "affected", "version": "24.10.0", "lessThan": "24.10.15", "versionType": "custom"}, {"status": "affected", "version": "24.04.0", "lessThan": "24.04.19", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/centreon/centreon/releases", "tags": ["release-notes"]}, {"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations.\u00a0This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations.&nbsp;<p>This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2026-01-08T15:41:12.866Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12519", "state": "PUBLISHED", "dateUpdated": "2026-01-08T15:41:12.866Z", "dateReserved": "2025-10-30T15:49:52.593Z", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "datePublished": "2026-01-05T10:15:08.921Z", "assignerShortName": "Centreon"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations.\u00a0This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19."}], "id": "CVE-2025-12519", "lastModified": "2026-01-08T18:09:49.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary"}]}, "published": "2026-01-05T11:17:39.830", "references": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "url": "https://github.com/centreon/centreon/releases"}, {"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359"}], "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary"}]}

{}

{"created": "2026-01-06T14:17:48.100035+00:00", "updated": "2026-01-06T14:17:48.100064+00:00", "vendors": ["centreon", "centreon$PRODUCT$centreon"]}