
CVE-2025-4649: CWE-755 Improper Handling of Exceptional Conditions in Centreon web

Medium
Published: Tue May 13 2025 (05/13/2025, 11:40:23 UTC)
Source: CVE
Vendor/Project: Centreon
Product: web

Description

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

AI-Powered Analysis

AI analysis last updated: 10/15/2025, 13:41:38 UTC

Technical Analysis

CVE-2025-4649 is a vulnerability classified under CWE-755, indicating improper handling of exceptional conditions within the Centreon web monitoring platform. Specifically, the issue arises from incorrect enforcement of Access Control Lists (ACLs) on the 'event logs' page. This page is intended to be accessible only by users with high privileges, as it displays sensitive event logs. However, due to the flawed ACL implementation, users with lower privileges may gain unauthorized access to all available logs, effectively escalating their privileges within the system. The vulnerability affects multiple Centreon web versions: 24.10.3 before 24.10.4, 24.04.09 before 24.04.10, 23.10.19 before 23.10.21, and 23.04.24 before 23.04.26. Exploitation requires network access (AV:N) and privileges (PR:H), but no user interaction (UI:N) is needed. The scope is unchanged (S:U), and the impact primarily affects confidentiality (C:H), with no impact on integrity or availability. No public exploits are known at this time, but the vulnerability could allow attackers with some privileges to access sensitive logs, potentially revealing information useful for further attacks or reconnaissance. The vulnerability was published on May 13, 2025, and no official patches are linked in the provided data, though fixed versions are indicated by version numbers.

Potential Impact

For European organizations, especially those relying on Centreon for IT infrastructure and network monitoring, this vulnerability poses a risk of unauthorized disclosure of sensitive event logs. Such logs often contain detailed information about system events, security incidents, and operational status, which could be leveraged by attackers for lateral movement, reconnaissance, or planning further attacks. Confidentiality breaches could lead to exposure of internal security posture and vulnerabilities. Although the vulnerability does not directly affect system integrity or availability, the unauthorized access to logs undermines trust in monitoring systems and could delay incident response. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, may face compliance risks if sensitive information is exposed. The requirement for existing privileges limits exploitation to insiders or compromised accounts, but the ease of bypassing ACLs elevates the threat level. The absence of known exploits reduces immediate risk but does not eliminate the need for prompt remediation.

Mitigation Recommendations

European organizations should immediately verify their Centreon web versions and plan upgrades to the fixed releases: 24.10.4 or later, 24.04.10 or later, 23.10.21 or later, and 23.04.26 or later. In the absence of immediate patching, administrators should restrict access to the 'event logs' page to only the most trusted users and review user privilege assignments to minimize the number of accounts with high privileges. Implement network segmentation and firewall rules to limit access to Centreon web interfaces to authorized personnel only. Conduct thorough audits of user activity logs to detect any unauthorized access attempts. Additionally, consider deploying Web Application Firewalls (WAFs) with custom rules to monitor and block anomalous requests targeting the event logs page. Regularly update and test incident response plans to handle potential data exposure scenarios. Finally, maintain close communication with Centreon for official patches and advisories.
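As an added example (not part of the advisory and not Centreon's own code), a short Python check that maps an installed Centreon web version to the fixed release named in the advisory for that branch; the host names in the sample inventory are constructed.

```python
# Added example (not Centreon's code): check an installed Centreon web
# version against the affected ranges stated in the CVE-2025-4649 advisory.
from typing import Optional, Tuple

# Affected ranges from the advisory: (first affected, first fixed).
# "from X before Y" is read as X <= installed < Y.
AFFECTED_RANGES = [
    ("24.10.3", "24.10.4"),
    ("24.04.09", "24.04.10"),
    ("23.10.19", "23.10.21"),
    ("23.04.24", "23.04.26"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '24.04.09' into a tuple of ints.

    Numeric comparison makes zero-padded components ('09') compare
    correctly against unpadded ones ('9'); a plain string comparison
    would not.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(installed: str) -> Optional[str]:
    """Return the release to upgrade to if `installed` is affected, else None."""
    v = parse_version(installed)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= v < parse_version(first_fixed):
            return first_fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("mon-01", "24.10.3"), ("mon-02", "24.04.9"), ("mon-03", "23.10.21")]
    for host, ver in inventory:
        fix = fixed_version_for(ver)
        status = f"upgrade to {fix}" if fix else "not in an affected range"
        print(f"{host} {ver}: {status}")
```

The check reports only the ranges the advisory lists; a version below the first affected release of a branch is returned as unaffected because the advisory does not name it, not because it has been verified.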


Technical Details

Data Version: 5.1
Assigner Short Name: Centreon
Date Reserved: 2025-05-13T09:47:58.210Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd667e

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 10/15/2025, 1:41:38 PM

Last updated: 11/22/2025, 6:05:57 PM

