Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4649

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Published

2025-05-13T12:15:18.047

Last Modified

2025-10-22T14:05:13.117

Status

Analyzed

Source

bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-755

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	centreon	centreon_web	< 23.04.26	Yes
Application	centreon	centreon_web	< 23.10.21	Yes
Application	centreon	centreon_web	24.04.9	Yes
Application	centreon	centreon_web	24.10.3	Yes

References

https://github.com/centreon/centreon/releases Release Notes (bd4443e6-1eef-43f3-9886-25fc9ceeaae7)
https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349 Vendor Advisory (bd4443e6-1eef-43f3-9886-25fc9ceeaae7)