
CVE-2025-4649: CWE-269 Improper Privilege Management in Centreon web

Severity: Medium
Published: Tue May 13 2025 (05/13/2025, 11:40:23 UTC)
Source: CVE
Vendor/Project: Centreon
Product: web

Description

Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

AI-Powered Analysis

Last updated: 07/12/2025, 02:18:48 UTC

Technical Analysis

CVE-2025-4649 is an Improper Privilege Management vulnerability (CWE-269) identified in Centreon web, a widely used IT infrastructure monitoring product. The vulnerability arises from the incorrect enforcement of Access Control Lists (ACLs) on the "event logs" page, which is intended to be accessible only by users with high privileges. Because the ACL is not applied when the page is rendered, users who hold elevated but not full administrative privileges can view all available event logs, escalating their effective privileges beyond the intended limits. This exposure compromises the confidentiality of log data, which may contain critical operational details or security-related events. The affected versions are Centreon web releases from 23.04.24 up to but not including 23.04.26, 23.10.19 up to but not including 23.10.21, 24.04.09 up to but not including 24.04.10, and 24.10.3 up to but not including 24.10.4. The vulnerability has a CVSS v3.1 base score of 4.9 (medium severity): it is exploitable over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and no user interaction (UI:N). The impact is on confidentiality (C:H), with no direct impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no official patches have been linked yet. The root cause is a missing privilege check that fails to restrict access to the event logs, allowing unauthorized data disclosure to users whose privileges are elevated but insufficient for that page.

Potential Impact

For European organizations using Centreon web for IT infrastructure monitoring, this vulnerability poses a risk of unauthorized disclosure of sensitive event logs. Such logs often contain detailed records of system events, security alerts, and operational data that could be leveraged by malicious insiders or attackers who have gained elevated access to further reconnaissance or lateral movement within the network. The exposure of these logs could facilitate targeted attacks, hinder incident response by revealing monitoring activities, or violate data protection regulations if logs contain personal or sensitive information. While the vulnerability does not directly allow modification or disruption of services, the confidentiality breach can undermine trust in monitoring systems and complicate compliance with GDPR and other European data protection laws. Organizations in critical infrastructure sectors, finance, healthcare, and government are particularly at risk due to the sensitive nature of their monitored environments and the regulatory scrutiny they face.

Mitigation Recommendations

European organizations should prioritize upgrading Centreon web installations to the fixed versions 23.04.26, 23.10.21, 24.04.10, or 24.10.4 (or later) as soon as official patches become available. Until patches are applied, administrators should restrict access to the event logs page strictly to the minimum necessary users with verified high privileges, and audit current user roles to ensure no excessive permissions are granted. Network segmentation and access controls that limit exposure of the Centreon web interface reduce the attack surface. Organizations should also enable detailed logging and monitoring of access to the event logs page to detect unauthorized access attempts. Reviewing and tightening ACL configurations within Centreon web and requiring multi-factor authentication for privileged accounts further reduce risk. Regular security assessments and penetration testing focused on privilege escalation vectors in monitoring tools are recommended to proactively identify similar issues.
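To make the upgrade recommendation actionable across a fleet, the following added example (not Centreon's code) encodes the four affected ranges from the advisory description and flags hosts whose reported version falls inside one of them. The inventory is a constructed sample; numeric comparison is used so that zero-padded forms such as 24.04.09 compare correctly against 24.04.10.

```python
# Version-range triage for CVE-2025-4649. Added example, not Centreon's code.
# Ranges are [first affected, first fixed) exactly as stated in the advisory.
from typing import Dict, List, Tuple

AFFECTED_RANGES = [
    ("24.10.3", "24.10.4"),
    ("24.04.09", "24.04.10"),
    ("23.10.19", "23.10.21"),
    ("23.04.24", "23.04.26"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '24.04.09' into (24, 4, 9).

    Comparing as integers avoids the string-sort trap where '24.04.10'
    would sort *below* '24.04.9' and a fixed host would look affected."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if version lies in any [first affected, first fixed) range."""
    pv = parse_version(version)
    return any(parse_version(lo) <= pv < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts (sorted) that still need the upgrade."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostname -> Centreon web version as reported.
SAMPLE_INVENTORY = {
    "mon-prod-01": "24.10.3",   # affected
    "mon-prod-02": "24.10.4",   # first fixed release on that branch
    "mon-lab-01": "24.04.9",    # same as 24.04.09, affected
    "mon-legacy": "23.04.25",   # affected
    "mon-old": "23.04.20",      # below the affected range
}

if __name__ == "__main__":
    print("needs upgrade:", triage(SAMPLE_INVENTORY))
```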


Technical Details

Data Version: 5.1
Assigner Short Name: Centreon
Date Reserved: 2025-05-13T09:47:58.210Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd667e

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/12/2025, 2:18:48 AM

Last updated: 8/18/2025, 7:41:27 PM

