CVE-2025-12519 is a missing authorization vulnerability (CWE-862) identified in Centreon Infra Monitoring, a widely used IT infrastructure monitoring solution. The flaw exists in the Administration parameters API endpoint modules, where access control lists (ACLs) are improperly enforced or absent. This allows unauthenticated remote attackers to invoke administrative functions that should be restricted, thereby accessing sensitive information such as system downtime records and acknowledgement configurations. The vulnerability affects multiple versions: from 24.04.0 before 24.04.19, 24.10.0 before 24.10.15, and 25.10.0 before 25.10.2. The CVSS v3.1 base score is 5.3 (medium), reflecting that the attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality only (C:L), with no impact on integrity or availability. Exploitation does not require authentication, increasing risk of unauthorized information disclosure. Although no public exploits are known, the exposure of monitoring data could aid attackers in reconnaissance and planning further attacks. Centreon Infra Monitoring is critical for operational visibility in many enterprises, making this vulnerability significant for organizations relying on it for infrastructure health and incident response.

For European organizations, the primary impact is unauthorized disclosure of sensitive operational data, including downtime and acknowledgement configurations. Such information can reveal system weaknesses, maintenance schedules, or incident responses, potentially aiding attackers in timing or tailoring attacks. While the vulnerability does not directly compromise system integrity or availability, the leakage of monitoring data can undermine operational security and trust. Organizations in sectors with critical infrastructure, such as energy, telecommunications, finance, and government, may face increased risk if attackers leverage this information for targeted attacks. Additionally, compliance with data protection regulations like GDPR may be affected if sensitive operational data is exposed. The ease of remote exploitation without authentication increases the urgency for mitigation, especially in environments where Centreon Infra Monitoring APIs are exposed or accessible from untrusted networks.

1. Apply official patches from Centreon immediately once available for affected versions to enforce proper authorization checks on API endpoints. 2. Restrict network access to Centreon Infra Monitoring API endpoints using firewalls, VPNs, or network segmentation to limit exposure to trusted administrators only. 3. Implement strong authentication and authorization mechanisms around the monitoring infrastructure, including multi-factor authentication for administrative access. 4. Monitor API access logs for unusual or unauthorized requests, focusing on access to administrative endpoints. 5. Conduct regular security assessments and penetration testing on monitoring systems to identify and remediate authorization weaknesses. 6. Educate IT and security teams about the risks of exposing monitoring APIs and enforce least privilege principles. 7. Consider deploying Web Application Firewalls (WAFs) or API gateways that can detect and block unauthorized access attempts to sensitive endpoints. 8. Review and harden ACL configurations within Centreon Infra Monitoring to ensure only authorized roles have access to sensitive functions.