CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4649: ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available ...

4.9 CVSS

Description

Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation.
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.

This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Classification

CVE ID: CVE-2025-4649

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.9

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-269 Improper Privilege Management

Affected Products

Vendor: Centreon

Product: web

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.69% (scored less or equal to compared to others)

EPSS Date: 2025-06-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4649
https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349
https://github.com/centreon/centreon/releases

Timeline

2025-05-13 12:40:18 UTC
CVE

ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available ...