CVE-2025-4649
CVE-2025-4649 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. An Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
An Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Centreon | Centreon Web | >= 23.04.24, < 23.04.26 |
| Centreon | Centreon Web | >= 23.10.19, < 23.10.21 |
| Centreon | Centreon Web | 24.04.9 |
| Centreon | Centreon Web | 24.10.3 |
Timeline
- Status: Analyzed
Source: NVD / NIST
