CVE-2025-4649

Medium CVSS: 4.9

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.

ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Vendor

Centreon

Product

Centreon Web

CWE

CWE-755

Yayın Tarihi

2025-05-13 12:15:18

Güncelleme

2025-10-22 14:05:13

Source Identifier

bd4443e6-1eef-43f3-9886-25fc9ceeaae7

KEV Date Added

Kategoriler

CWE-755 Centreon Web MEDIUM Centreon 2025

Referanslar

https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349

Benzer Kayıtlar

Critical

CVE-2026-2749

Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue aff…

Critical

CVE-2026-2750

Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tick…

High

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web…

Critical

CVE-2025-15026

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import modul…

Critical

CVE-2025-15029

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Mon…

Medium

CVE-2025-12511

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon In…