CVE-2025-4649: CWE-269 Improper Privilege Management in Centreon web
Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
AI Analysis
Technical Summary
CVE-2025-4649 is an Improper Privilege Management vulnerability (CWE-269) identified in Centreon web, a widely used IT infrastructure monitoring software. The vulnerability arises from the incorrect enforcement of Access Control Lists (ACLs) on the "event logs" page, which is intended to be accessible only by users with high privileges. Due to this flaw, users with elevated but not necessarily full administrative privileges can view all available event logs, effectively escalating their privileges beyond intended limits. This exposure compromises the confidentiality of sensitive log data, which may contain critical operational details or security-related events. The affected versions include Centreon web releases from 23.04.24 up to but not including 23.04.26, 23.10.19 up to 23.10.21, 24.04.09 up to 24.04.10, and 24.10.3 up to 24.10.4. The vulnerability has a CVSS v3.1 base score of 4.9 (medium severity), reflecting that it is remotely exploitable over the network (AV:N), requires low attack complexity (AC:L), but needs high privileges (PR:H) and no user interaction (UI:N). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no official patches have been linked yet. The flaw stems from improper privilege checks that fail to restrict access to sensitive event logs, allowing unauthorized data disclosure to users with elevated but insufficient privileges.
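The bug class described above, as an added illustration (not Centreon's code): the data model of users, ACL groups, resource ACLs and log rows is a constructed stand-in for how a monitoring page should be scoped by host/service ACLs, with the vulnerable handler that returns every row beside the fixed one that filters in the data layer and fails closed for users without any ACL group.

```python
"""ACL-scoped event log display, modelled after the CWE-269 pattern in CVE-2025-4649.

Added illustration, not Centreon code: the users, ACL groups, resource ACLs
and log rows below are constructed sample data. The flaw is that the page
renders every row instead of only the rows the caller's ACLs permit.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    is_admin: bool = False
    acl_groups: set = field(default_factory=set)


# Constructed sample data: each resource ACL names the hosts and
# (host_id, service_id) pairs that members of the ACL group may see.
RESOURCE_ACLS = {
    "ops-eu": {"hosts": {1, 2}, "services": {(1, 10), (2, 20)}},
    "dba":    {"hosts": {3},    "services": {(3, 30)}},
}

EVENT_LOGS = [
    {"id": 1, "host_id": 1, "service_id": 10, "output": "OK - db-eu reachable"},
    {"id": 2, "host_id": 2, "service_id": 20, "output": "WARNING - disk 85%"},
    {"id": 3, "host_id": 3, "service_id": 30, "output": "CRITICAL - replication lag"},
    {"id": 4, "host_id": 4, "service_id": 40, "output": "OK - hr-payroll up"},
]


def event_logs_vulnerable(user: User) -> list:
    # The page only verifies that the caller reached it; the ACLs are never
    # applied to the rows, so every log line is disclosed.
    return list(EVENT_LOGS)


def allowed_services(user: User) -> set:
    """Union of (host_id, service_id) pairs over the user's ACL groups; empty if none."""
    allowed = set()
    for group in user.acl_groups:
        allowed |= RESOURCE_ACLS.get(group, {}).get("services", set())
    return allowed


def event_logs_fixed(user: User) -> list:
    # Admins are unscoped; everyone else is filtered where the data is read,
    # so a user with no ACL group gets an empty result rather than all rows.
    if user.is_admin:
        return list(EVENT_LOGS)
    scope = allowed_services(user)
    return [row for row in EVENT_LOGS if (row["host_id"], row["service_id"]) in scope]
```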
Potential Impact
For European organizations using Centreon web for IT infrastructure monitoring, this vulnerability poses a risk of unauthorized disclosure of sensitive event logs. Such logs often contain detailed records of system events, security alerts, and operational data that could be leveraged by malicious insiders or attackers who have gained elevated access to further reconnaissance or lateral movement within the network. The exposure of these logs could facilitate targeted attacks, hinder incident response by revealing monitoring activities, or violate data protection regulations if logs contain personal or sensitive information. While the vulnerability does not directly allow modification or disruption of services, the confidentiality breach can undermine trust in monitoring systems and complicate compliance with GDPR and other European data protection laws. Organizations in critical infrastructure sectors, finance, healthcare, and government are particularly at risk due to the sensitive nature of their monitored environments and the regulatory scrutiny they face.
Mitigation Recommendations
European organizations should prioritize upgrading Centreon web installations to the fixed versions 23.04.26, 23.10.21, 24.04.10, or 24.10.4 (or later) as soon as official patches become available. Until patches are applied, administrators should restrict access to the event logs page strictly to the minimum necessary users with verified high privileges and audit current user roles to ensure no excessive permissions are granted. Implementing network segmentation and access controls to limit exposure of the Centreon web interface can reduce the attack surface. Additionally, organizations should enable detailed logging and monitoring of access to the event logs page to detect any unauthorized access attempts. Reviewing and tightening ACL configurations within Centreon web and integrating multi-factor authentication for privileged accounts can further reduce risk. Regular security assessments and penetration testing focused on privilege escalation vectors in monitoring tools are recommended to proactively identify similar issues.
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-05-13T09:47:58.210Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9816c4522896dcbd667e
Added to database: 5/21/2025, 9:08:38 AM
Last enriched: 7/12/2025, 2:18:48 AM
Last updated: 8/18/2025, 7:41:27 PM