CVE-2025-4649

MEDIUM

Centreon web <24.10.4 - Privilege Escalation

Title source: llm

Description

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Scores

CVSS v3 4.9
EPSS 0.0017
EPSS Percentile 38.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-755
Status published
Products (3)
centreon/centreon_web 24.04.9
centreon/centreon_web 24.10.3
centreon/centreon_web 23.04.24 - 23.04.26
Published May 13, 2025
Tracked Since Feb 18, 2026