CVE-2025-5965
HIGHCentreon Web 24.04.0-24.04.18 - Authenticated OS Command Injection in Backup Configuration
Title source: llmDescription
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
References (2)
Core 2
Core References
Release Notes release-notes
https://github.com/centreon/centreon/releases
Patch, Vendor Advisory vendor-advisory
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362
Scores
CVSS v3
7.2
EPSS
0.2482
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
centreon/centreon_web
24.04.0 - 24.04.19
Published
Jan 05, 2026
Tracked Since
Feb 18, 2026