CVE-2025-4649

Description

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Centreon / web24.10.3 – 24.10.4
Centreon / web24.04.09 – 24.04.10
Centreon / web23.10.19 – 23.10.21
Centreon / web23.04.24 – 23.04.26

References

MISChttps://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349
PATCHhttps://github.com/centreon/centreon/releases