CVE-2026-2750

Centreon · Centreon Open Tickets Module

An improper input validation vulnerability in Centreon Open Tickets allows attackers to submit malicious data that could compromise the Central Server.

Executive summary

Improper input validation in the Centreon Open Tickets module lets attackers submit malicious data to the Central Server, creating significant security risk and potential loss of data integrity.

Vulnerability

This vulnerability stems from a failure to properly validate user-supplied input within the Open Tickets module. This can lead to various attacks, such as cross-site scripting (XSS), injection, or other malformed data attacks against the Central Server.

Business impact

The impact of improper input validation on a central monitoring platform includes the potential for unauthorized configuration changes and the theft of sensitive infrastructure data. The CVSS score of 9.1 underscores the high severity and the potential for significant operational impact.

Remediation

Immediate Action: Upgrade the Centreon Open Tickets module to the latest stable version in your branch (25.10, 24.10, or 24.04).

Proactive Monitoring: Audit input logs for the Open Tickets module and check for any anomalous entries or scripts submitted through ticket forms.

Compensating Controls: Utilize a Web Application Firewall (WAF) to filter and sanitize incoming requests to the Centreon interface.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Maintaining the security of monitoring modules is essential for overall network visibility. IT teams should apply the necessary updates immediately to mitigate the risk of input-based attacks against the Centreon environment.