CVE-2025-4649 is an Improper Privilege Management vulnerability (CWE-269) identified in Centreon web, a widely used IT infrastructure monitoring software. The vulnerability arises from the incorrect enforcement of Access Control Lists (ACLs) on the "event logs" page, which is intended to be accessible only by users with high privileges. Due to this flaw, users with elevated but not necessarily full administrative privileges can view all available event logs, effectively escalating their privileges beyond intended limits. This exposure compromises the confidentiality of sensitive log data, which may contain critical operational details or security-related events. The affected versions include Centreon web releases from 23.04.24 up to but not including 23.04.26, 23.10.19 up to 23.10.21, 24.04.09 up to 24.04.10, and 24.10.3 up to 24.10.4. The vulnerability has a CVSS v3.1 base score of 4.9 (medium severity), reflecting that it is remotely exploitable over the network (AV:N), requires low attack complexity (AC:L), but needs high privileges (PR:H) and no user interaction (UI:N). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no official patches have been linked yet. The flaw stems from improper privilege checks that fail to restrict access to sensitive event logs, allowing unauthorized data disclosure to users with elevated but insufficient privileges.

For European organizations using Centreon web for IT infrastructure monitoring, this vulnerability poses a risk of unauthorized disclosure of sensitive event logs. Such logs often contain detailed records of system events, security alerts, and operational data that could be leveraged by malicious insiders or attackers who have gained elevated access to further reconnaissance or lateral movement within the network. The exposure of these logs could facilitate targeted attacks, hinder incident response by revealing monitoring activities, or violate data protection regulations if logs contain personal or sensitive information. While the vulnerability does not directly allow modification or disruption of services, the confidentiality breach can undermine trust in monitoring systems and complicate compliance with GDPR and other European data protection laws. Organizations in critical infrastructure sectors, finance, healthcare, and government are particularly at risk due to the sensitive nature of their monitored environments and the regulatory scrutiny they face.

European organizations should prioritize upgrading Centreon web installations to the fixed versions beyond 23.04.26, 23.10.21, 24.04.10, or 24.10.4 as soon as official patches become available. Until patches are applied, administrators should restrict access to the event logs page strictly to the minimum necessary users with verified high privileges and audit current user roles to ensure no excessive permissions are granted. Implementing network segmentation and access controls to limit exposure of the Centreon web interface can reduce the attack surface. Additionally, organizations should enable detailed logging and monitoring of access to event logs pages to detect any unauthorized access attempts. Reviewing and tightening ACL configurations within Centreon web and integrating multi-factor authentication for privileged accounts can further reduce risk. Regular security assessments and penetration testing focused on privilege escalation vectors in monitoring tools are recommended to proactively identify similar issues.