CVE-2025-4648 in Webinfo

Summary

by MITRE • 05/13/2025

Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.


Analysis

by VulDB Data Team • 10/08/2025

The vulnerability CVE-2025-4648 represents a critical security flaw in the Centreon web application that combines two distinct but related attack vectors. This issue manifests as a download of code without integrity check vulnerability that enables reflected cross-site scripting attacks, creating a dangerous combination that can be exploited by attackers with elevated privileges. The vulnerability specifically targets the handling of SVG media files during submission requests, where the application fails to properly validate or sanitize the content before processing it. This weakness exists within the Centreon web interface and affects multiple version ranges across different release branches, indicating a widespread impact across the software's lifecycle.

The technical flaw resides in the application's insufficient input validation mechanisms when processing SVG media files submitted through the web interface. When a user with elevated privileges attempts to upload or modify SVG content, the system does not perform adequate integrity checks or sanitization procedures before storing or rendering the media. This allows malicious actors to inject malicious JavaScript code within the SVG content, which then gets executed when the media is rendered or processed by the application. The vulnerability is particularly concerning because it requires only elevated privileges to exploit, meaning that attackers who have already gained administrative access to the system can leverage this weakness to escalate their attacks further. The reflected XSS component means that malicious payloads can be executed in the context of the victim's browser, potentially allowing for session hijacking, data theft, or further system compromise.

The operational impact of this vulnerability extends beyond simple XSS execution, as it provides attackers with a persistent vector for maintaining access and escalating privileges within the Centreon environment. When an attacker successfully injects malicious code through SVG media, the reflected XSS can be used to steal session cookies, redirect users to malicious sites, or execute additional attacks against the underlying infrastructure. The vulnerability affects multiple major release versions of Centreon, indicating that organizations running any of these affected versions are at risk, regardless of their specific deployment scenario. This widespread impact suggests that the flaw exists in core application logic rather than being isolated to specific features or modules, making it particularly dangerous for organizations that rely heavily on Centreon for monitoring and security operations.

Organizations should immediately implement mitigations including upgrading to the latest patched versions of Centreon where available, as the vulnerability affects several release branches that have received updates. Additionally, administrators should enforce strict input validation on all media uploads, implement content security policies, and conduct regular security audits of uploaded content. The vulnerability aligns with CWE-79 which addresses cross-site scripting flaws, and represents a variant of ATT&CK technique T1059.007 for command and scripting interpreter execution. Organizations should also consider implementing web application firewalls to detect and block malicious SVG content, as well as monitoring for unusual upload patterns that might indicate exploitation attempts. Given the nature of the vulnerability requiring elevated privileges, it is crucial that organizations maintain strict access controls and implement proper privilege separation to limit the potential impact of such attacks.
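As an added example (not Centreon's code, and not the fix shipped in the patched versions), this is the kind of allowlist check an upload handler can apply to SVG media before it is stored or rendered, covering the script elements, event-handler attributes and executable href schemes the analysis describes. The element and attribute names are taken from the SVG specification, not from Centreon, and the sample files are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can pull script or foreign markup into the rendering context.
FORBIDDEN_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "use"}
# href values that execute or smuggle content instead of pointing at a plain URL.
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def svg_findings(svg_bytes: bytes) -> list[str]:
    """Return the reasons an SVG upload should be rejected; empty means clean."""
    # Refuse DTDs up front: entity expansion is a parser-level risk and the
    # checks below never need a DOCTYPE to reason about the document.
    if b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        return ["DOCTYPE/ENTITY declaration not allowed"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings: list[str] = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, expected <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            aname = _local(attr)           # xlink:href arrives as {xlink-ns}href
            if aname.lower().startswith("on"):   # onload=, onclick=, onerror=, ...
                findings.append(f"event handler {aname} on <{tag}>")
            elif aname == "href" and DANGEROUS_SCHEME.match(value):
                findings.append(f"href with executable scheme on <{tag}>")
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """Policy decision for the upload handler: store only findings-free files."""
    return not svg_findings(svg_bytes)


# Constructed samples (not real uploads): a plain drawing and one carrying script.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
TAINTED_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
               b'<script>alert(1)</script></svg>')
```

Rejecting rather than rewriting the file keeps the check simple; a logged finding is also a useful signal for the upload monitoring the analysis recommends.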

Responsible

Centreon

Reservation

05/13/2025

Disclosure

05/13/2025

Moderation

accepted

CPE

ready

EPSS

0.00286

KEV

no

Activities

very low

Sources
