=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN019
_____________________________________________________________________

DATE                : 12/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Centreon Open Tickets versions
                     prior to 25.10.0, 24.10.5, 24.04.5, 23.10.4.

=====================================================================
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12514-centreon-open-tickets-high-severity-5343
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8460-centreon-open-tickets-medium-severity-5344
_____________________________________________________________________

CVE-2025-12514 - Centreon Open Tickets - High Severity

lpinsivy
Centreonian


Publication date: December 18th, 2025

Components: centreon-open-tickets

Description: A user with elevated privileges is able to introduce a
SQL Injection using the Open-tickets Notification rules configuration
parameters.

Reference:  CVE-2025-12514

CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Severity: High

 

Status: Fixes have been provided for all supported versions and it
is recommended to update Centreon Web on Central Server:

    Centreon Open Tickets 25.10.0
    Centreon Open Tickets 24.10.5
    Centreon Open Tickets 24.04.5
    Centreon Open Tickets 23.10.4

These versions include cumulative fixes from prior updates.

 
To avoid losing any customization made to your OpenTicket provider,
back up your configuration before performing the update.


If you are using a High Availability platform, be sure to follow
the Centreon HA Update procedures.


Reporter: Marcelo Quieroz

_____________________________________________________________________

CVE-2025-8460 - Centreon Open Tickets - Medium Severity

lpinsivy
Centreonian


Publication date: December 18th, 2025

Components: centreon-open-tickets

Description: A user with elevated privileges is able to introduce a
SQL Injection using the Open-tickets Notification rules configuration
parameters.

Reference: CVE-2025-8460

CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

Severity: Medium

 

Status: Fixes have been provided for all supported versions and it
is recommended to update Centreon Web on Central Server:

    Centreon Open Tickets 25.10.0
    Centreon Open Tickets 24.10.5
    Centreon Open Tickets 24.04.5
    Centreon Open Tickets 23.10.4

These versions include cumulative fixes from prior updates.

To avoid losing any customization made to your OpenTicket provider,
back up your configuration before performing the update.


If you are using a High Availability platform, be sure to follow
the Centreon HA Update procedures.

 
Reporter: Marcelo Quieroz
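
The following triage script is an added example, not part of either bulletin or of Centreon's tooling. It checks installed Open Tickets versions against the fixed releases listed in both bulletins above. The package-string format, the host names and the handling of branches the bulletins do not list are assumptions.

```python
import re

# Fixed release per maintenance branch, as listed in both bulletins above.
FIXED = {(23, 10): 4, (24, 4): 5, (24, 10): 5, (25, 10): 0}

def parse_version(text):
    """Return (major, minor, patch) from '24.10.3' or from a package string
    such as 'centreon-open-tickets-24.10.3-1.el9.noarch' (constructed format)."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(text):
    """Return (affected, target): target is the fixed release to install,
    or None when no update is needed or the branch has no listed fix."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        if patch >= FIXED[branch]:
            return (False, None)
        return (True, f"{major}.{minor:02d}.{FIXED[branch]}")
    # Assumption: a branch the bulletins do not list is judged by its position
    # relative to the newest fixed branch (25.10); older means affected.
    return (branch < max(FIXED), None)

def report(inventory):
    """Map host -> human-readable status for a {host: version string} dict."""
    lines = {}
    for host, version in inventory.items():
        affected, target = triage(version)
        if not affected:
            lines[host] = "ok"
        elif target:
            lines[host] = f"affected, update to {target}"
        else:
            lines[host] = "affected, branch has no fixed release listed"
    return lines

if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample values.
    sample = {
        "central-a": "centreon-open-tickets-24.10.4-1.el9.noarch",
        "central-b": "24.04.5",
        "central-c": "22.10.7",
    }
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```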

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




