CVE-2025-8432

HIGH

Centreon Infra Monitoring <24.10.6-<24.04.9-<23.10.15 - Info Disclo...

Title source: llm

Description

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

References (2)

[Various Sources] https://github.com/centreon/centreon/releases

[Various Sources] https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180

Scores

CVSS v3 8.4

EPSS 0.0095

EPSS Percentile 76.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-276

Status published

Products (3)

Centreon/Infra Monitoring 23.10.0 - 23.10.15

Centreon/Infra Monitoring 24.04.0 - 24.04.9

Centreon/Infra Monitoring 24.10.0 - 24.10.6

Published Oct 27, 2025

Tracked Since Feb 18, 2026