Multiple vulnerabilities have been discovered in Centreon Open Tickets, enabling attackers to perform SQL injection and remote indirect code injection (XSS). The security issue affects Centreon Open Tickets versions 23.x prior to 23.10.29, 24.10.x prior to 24.10.15, 24.x prior to 24.04.19, and 25.x prior to 25.10.0. The vulnerabilities are listed in the CERT‑FR bulletin with CVE identifiers CVE-2025-12514, CVE-2025-54890, and CVE-2025-8460. Users are advised to consult the vendor’s security bulletins for patches and update their software promptly. The bulletin links and CVE references are available on the CERT‑FR website. These vulnerabilities could allow unauthorized data access or execution of malicious code, posing a risk to organizations using the affected software.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0005/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.