CVE-2025-4646: CWE-863 Incorrect Authorization in Centreon web
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
AI Analysis
Technical Summary
CVE-2025-4646 is an incorrect authorization vulnerability (CWE-863) in Centreon web, specifically in the API Token creation form modules. Centreon is an IT infrastructure monitoring platform widely used by enterprises and service providers to monitor network devices, servers, and applications. The vulnerability exists in versions 24.04.0 up to but not including 24.04.10, and 24.10.0 up to but not including 24.10.4. It allows an attacker who already holds some level of privilege to escalate it by bypassing authorization checks when creating API tokens: a user who should not be able to create or manage API tokens can do so, potentially gaining elevated access rights within the Centreon platform. The CVSS 3.1 base score is 7.2, a high severity rating. The vector string (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates that the attack can be performed remotely over the network with low attack complexity and no user interaction, but requires the attacker to already hold high privileges; scope is unchanged, and the impact on confidentiality, integrity, and availability is rated high. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk because API tokens often grant broad access to monitoring data and management functions. Exploiting this flaw could allow attackers to manipulate monitoring data, disrupt alerting mechanisms, or gain further footholds in the network. Centreon users are advised to upgrade to the fixed versions (24.04.10 or 24.10.4 and later) once available. Until patches are applied, organizations should restrict access to the API token creation modules and monitor for suspicious activity related to token management.
Potential Impact
For European organizations, the impact of CVE-2025-4646 can be substantial. Centreon is commonly used in critical infrastructure sectors such as telecommunications, energy, finance, and government agencies across Europe for real-time monitoring and alerting. Successful exploitation could allow attackers to escalate privileges within the monitoring system, potentially leading to unauthorized access to sensitive operational data, manipulation or suppression of alerts, and disruption of monitoring services. This could delay detection of other cyberattacks or system failures, increasing the risk of prolonged outages or data breaches. The full compromise of confidentiality, integrity, and availability of Centreon monitoring data could undermine trust in IT operations and compliance with regulatory requirements such as GDPR. Additionally, attackers leveraging this vulnerability might pivot to other internal systems, amplifying the overall security risk. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the high severity score necessitates urgent attention.
Mitigation Recommendations
1. Apply official patches from Centreon as soon as they are released for versions 24.04.10 and 24.10.4 or later to address the authorization flaw.
2. Until patches are available, restrict access to the API Token creation form modules to only the most trusted and necessary administrators using network segmentation and strict access control lists.
3. Implement robust monitoring and logging of API token creation and management activities to detect anomalous or unauthorized attempts promptly.
4. Enforce the principle of least privilege for all Centreon users, ensuring that only users who absolutely require token creation privileges have them.
5. Conduct regular audits of existing API tokens and revoke any that appear suspicious or unnecessary.
6. Use multi-factor authentication (MFA) for all privileged Centreon accounts to reduce the risk of credential compromise.
7. Educate administrators about the risks of privilege escalation and the importance of secure token management.
8. Consider deploying web application firewalls (WAF) with custom rules to detect and block unauthorized API token creation attempts if patching is delayed.
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-05-13T08:17:11.709Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9816c4522896dcbd665d
Added to database: 5/21/2025, 9:08:38 AM
Last enriched: 10/8/2025, 10:19:21 AM
Last updated: 11/22/2025, 7:32:40 PM