CVE-2025-5965: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Centreon Infra Monitoring
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
AI Analysis
Technical Summary
CVE-2025-5965 is an OS Command Injection vulnerability classified under CWE-78 found in Centreon Infra Monitoring's backup configuration modules. The vulnerability arises because the software improperly neutralizes special characters or elements in backup parameters, allowing a user with high privileges to append arbitrary OS commands to the backup setup process. This can lead to execution of unintended commands on the underlying operating system with the privileges of the Centreon service or the user executing the backup. Affected versions include 24.04.0 prior to 24.04.19, 24.10.0 prior to 24.10.15, and 25.10.0 prior to 25.10.2. The CVSS v3.1 score is 7.2, reflecting high severity due to network attack vector, low attack complexity, required high privileges, no user interaction, and full impact on confidentiality, integrity, and availability. Although no exploits are publicly known, the vulnerability poses a significant risk because a compromised backup configuration can lead to arbitrary command execution, potentially allowing attackers to manipulate monitoring data, disrupt monitoring services, or pivot within the network. The vulnerability affects critical monitoring infrastructure, which is often integral to enterprise IT and industrial control environments. The flaw was reserved in June 2025 and published in January 2026, indicating a recent discovery and disclosure. The lack of patch links suggests users must rely on vendor advisories or updates to remediate.
Potential Impact
For European organizations, this vulnerability threatens the integrity and availability of critical infrastructure monitoring systems. Centreon Infra Monitoring is widely used in IT operations, telecommunications, energy, and manufacturing sectors across Europe. Exploitation could allow attackers to execute arbitrary commands, potentially disabling monitoring, falsifying alerts, or gaining further footholds in networks. This could lead to undetected outages, delayed incident response, and broader compromise of enterprise systems. The requirement for high privileges limits exploitation to insiders or attackers who have already escalated privileges, but the impact remains severe due to the critical role of monitoring systems. Disruption in sectors such as energy grids, transportation, and healthcare could have cascading effects on public safety and economic stability. Additionally, the ability to manipulate backup configurations may facilitate persistence and stealthy attacks, complicating forensic investigations and recovery efforts.
Mitigation Recommendations
Organizations should immediately identify all Centreon Infra Monitoring instances and verify their versions. They must upgrade affected versions to the latest patched releases: 24.04.19 or later, 24.10.15 or later, and 25.10.2 or later as provided by Centreon. Until patches are applied, restrict access to backup configuration modules strictly to trusted administrators and implement strong privilege management to minimize the number of users with high privileges. Conduct thorough audits of backup configurations to detect any unauthorized or suspicious command injections. Employ application-layer firewalls or intrusion detection systems to monitor and block anomalous command execution patterns related to Centreon processes. Regularly review logs for unusual activity around backup operations. Additionally, consider isolating monitoring infrastructure from general user networks to reduce attack surface. Engage with Centreon support for any available hotfixes or workarounds and monitor for updates or exploit reports.
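As an added example (not code from this page or from Centreon), the sketch below covers two of the steps above: checking an instance version against the affected ranges listed in the advisory, and flagging stored backup parameter values that contain shell metacharacters for manual review. The parameter names in the sample are hypothetical and the sample values are constructed.

```python
import re

# Affected ranges from the advisory text: branch -> (first affected, first fixed).
AFFECTED = {
    (24, 4): ((24, 4, 0), (24, 4, 19)),
    (24, 10): ((24, 10, 0), (24, 10, 15)),
    (25, 10): ((25, 10, 0), (25, 10, 2)),
}

# Characters a POSIX shell treats as control, expansion or quoting syntax.
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\n\r]")

def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (e.g. '24.04.18') into a tuple of ints."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def is_affected(version):
    """True if the version falls inside a range the advisory lists."""
    # False only means "not in a listed range"; branches the advisory
    # does not mention are not assessed here.
    parsed = parse_version(version)
    bounds = AFFECTED.get(parsed[:2])
    return bounds is not None and bounds[0] <= parsed < bounds[1]

def audit_backup_params(params):
    """Return {name: [metacharacters found]} for values needing review."""
    findings = {}
    for name, value in params.items():
        hits = sorted(set(SHELL_META.findall(str(value))))
        if hits:
            findings[name] = hits
    return findings

# Constructed sample; the parameter names are hypothetical, not Centreon's.
SAMPLE_PARAMS = {
    "backup_directory": "/var/cache/centreon/backup",
    "tmp_directory": "/tmp/backup; echo constructed-marker",
    "retention_days": "7",
}

if __name__ == "__main__":
    for v in ("24.04.18", "24.04.19", "25.10.1"):
        print(v, "affected" if is_affected(v) else "not in a listed range")
    print(audit_backup_params(SAMPLE_PARAMS))
```

A finding is a prompt for review, not proof of tampering: a legitimate value can contain a quote or a dollar sign, and a clean result does not replace upgrading to a fixed release.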
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Centreon
- Date Reserved: 2025-06-10T08:14:47.529Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695b8f06db813ff03e463837
Added to database: 1/5/2026, 10:14:30 AM
Last enriched: 1/12/2026, 9:11:50 PM
Last updated: 2/7/2026, 2:59:56 PM