CVE-2025-4647 HIGH

CVE-2025-4647: A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG

Vendor Centreon

Product web

Weakness CWE-79 · XSS

Published May 13, 2025

Last update May 13, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

Key dates

02Disclosure timeline

May 13, 2025 CVE published

May 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4647 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-4647

CWE CWE-79

CVSS 8.4 / HIGH

Affected versions

Vendor Centreon

Product web

Affected ≥ 24.10.0 and < 24.10.5

Vendor Centreon

Product web

Affected ≥ 24.04.0 and < 24.04.11

Vendor Centreon

Product web

Affected ≥ 23.10.0 and < 23.10.22

Vendor Centreon

Product web

Affected ≥ 23.04.0 and < 23.04.27

Vendor Centreon

Product web

Affected ≥ 22.10.0 and < 22.10.29

CVE-2025-4647: A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG

01Description

02Disclosure timeline

03References

04Related CVE