CVE-2025-5965

High CVSS: 7.2

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Vendor

Centreon

Product

Centreon Web

CWE

CWE-78

Yayın Tarihi

2026-01-05 10:15:55

Güncelleme

2026-01-26 15:07:47

Source Identifier

bd4443e6-1eef-43f3-9886-25fc9ceeaae7

KEV Date Added

Kategoriler

CWE-78 Centreon Web HIGH Centreon 2026

Referanslar

https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362

Benzer Kayıtlar

Critical

CVE-2026-2749

Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue aff…

Critical

CVE-2026-2750

Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tick…

High

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web…

Critical

CVE-2025-15026

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import modul…

Critical

CVE-2025-15029

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Mon…

Medium

CVE-2025-12511

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon In…