CVE-2025-5946

HIGH

Centreon authenticated command injection leading to RCE via broker engine

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-5946: the Metasploit module exploits/linux/http/centreon_auth_rce_cve_2025_5946.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated command injection vulnerability in Centreon's broker engine 'reload' parameter, leading to remote code execution (RCE). It requires admin credentials to inject a payload and trigger execution via poller restart.

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/centreon_auth_rce_cve_2025_5946.rb


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Centreon Web (versions >= 19.10.0, fixed in 24.10.13, 24.04.18, 23.10.28)
Auth required
Prerequisites: Admin credentials for Centreon Web · Network access to the Centreon Web interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.2
EPSS: 0.1384
EPSS Percentile: 96.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (1): centreon/centreon_web 23.10.0 - 23.10.28
Published: Oct 14, 2025
Tracked Since: Feb 18, 2026