CVE-2025-4649

EUVD-2025-14380
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.



ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.9 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Centreon | CNA | 4.9 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
EPSS Score
Percentile: 14%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| centreon | centreon_web | 23.04.24 ≤ 𝑥 < 23.04.26 |
| centreon | centreon_web | 23.10.19 ≤ 𝑥 < 23.10.21 |
| centreon | centreon_web | 24.04.9 |
| centreon | centreon_web | 24.10.3 |

𝑥 = Vulnerable software versions