CVE-2025-4648

8.4 HIGH

📋 TL;DR

This vulnerability allows reflected cross-site scripting (XSS) in the Centreon web interface via malicious SVG file uploads. An authenticated user with elevated privileges can inject JavaScript by manipulating SVG content in the submission request. It affects Centreon Web versions from 22.10.0 to 24.10.4 across multiple release branches.

💻 Affected Systems

Products:
  • Centreon Web
Versions: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29
Operating Systems: All platforms running Centreon
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with media upload privileges; SVG file upload functionality must be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Privileged attacker steals administrator credentials, takes full control of the Centreon monitoring system, and potentially pivots to monitored infrastructure.

🟠 Likely Case: Privileged insider or compromised account executes malicious JavaScript to steal session cookies, perform actions as other users, or deface the interface.

🟢 If Mitigated: Limited impact due to proper input validation, privilege separation, and Content Security Policy headers preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with media upload permissions; reflected XSS typically has low technical complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.10.5, 24.04.11, 23.10.22, 23.04.27, 22.10.29

Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55575-centreon-web-high-severity-4434

Restart Required: Yes

Instructions:

1. Back up the Centreon configuration and database.
2. Update Centreon Web to a patched version via the package manager.
3. Restart Centreon services.
4. Verify the version update.

🔧 Temporary Workarounds

Disable SVG Media Upload (platform: all)

Temporarily disable SVG file upload functionality in the Centreon web interface by modifying the Centreon configuration to restrict the permitted media upload types.

Implement WAF Rules (platform: all)

Add web application firewall rules to block malicious SVG content and XSS payloads. Example ModSecurity rule (it inspects request arguments only and matches case-insensitively; treat it as a stopgap, not a substitute for patching):

SecRule ARGS "@rx (?i)<script" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Restrict media upload permissions to minimal required users only
  • Implement Content Security Policy headers to block inline script execution
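An added defensive example, not code from the advisory or from Centreon: an upload-time check that refuses SVG files carrying the script vectors this advisory's indicators describe (script elements and javascript: URLs) and, going slightly beyond them, on* event-handler attributes and foreignObject, the other common SVG scripting vectors. The sample SVGs are constructed for the demonstration.

```python
"""Upload-time check: refuse SVG files that carry scripting vectors."""
import xml.etree.ElementTree as ET  # use defusedxml in production for entity safety
from typing import List

XLINK_NS = "http://www.w3.org/1999/xlink"
# Elements that execute script or embed arbitrary HTML inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
# URL-bearing attributes; a javascript: scheme there is a script vector.
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1]


def svg_scripting_findings(svg_bytes: bytes) -> List[str]:
    """Return the reasons an SVG upload should be rejected (empty list = clean).

    Any finding means refuse the file; the list itself is for audit logging.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable SVG: {exc}"]
    findings: List[str] = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attr, value in elem.attrib.items():
            if _local(attr).lower().startswith("on"):
                findings.append(f"event handler {_local(attr)} on <{name}>")
            elif attr in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {_local(attr)} on <{name}>")
    return findings


# Constructed samples (hypothetical, not from the advisory): a benign icon and a hostile upload.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
HOSTILE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
    b'<script>alert(1)</script>'
    b'<a href="javascript:alert(1)"><text>x</text></a></svg>'
)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("hostile", HOSTILE_SVG)):
        print(label, svg_scripting_findings(sample) or "accepted")
```

Run the check before the file is written to the media directory and log every non-empty finding list alongside the uploading user, which also feeds the log indicators listed below.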

🔍 How to Verify

Check if Vulnerable:

Check Centreon web version via web interface or command: rpm -q centreon-web

Check Version:

rpm -q centreon-web || dpkg -l centreon-web

Verify Fix Applied:

Confirm the installed version is a patched release: centreon -v should show 24.10.5, 24.04.11, 23.10.22, 23.04.27, or 22.10.29.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SVG file uploads
  • JavaScript execution in media upload requests
  • Multiple failed upload attempts with script tags

Network Indicators:

  • HTTP POST requests to media upload endpoints containing script tags
  • Reflected XSS payloads in URL parameters

SIEM Query:

source="centreon-web" AND (url="*upload*" OR url="*media*") AND (content="<script" OR content="javascript:")
