4.9

CVE-2025-4649

EPSS 0.05%
Veröffentlicht 13.05.2025 11:40:23
Zuletzt bearbeitet 22.10.2025 14:05:13
Quelle bd4443e6-1eef-43f3-9886-25fc9c
CVE-Watchlists
Login
Unerledigt
Login

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.



ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Centreon ≫ Centreon Web Version >= 23.04.24 < 23.04.26

Centreon ≫ Centreon Web Version >= 23.10.19 < 23.10.21

Centreon ≫ Centreon Web Version24.04.9

Centreon ≫ Centreon Web Version24.10.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.145

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
bd4443e6-1eef-43f3-9886-25fc9ceeaae7	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/centreon/centreon/releases

Release Notes

https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-4649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4649

EUVD