CVE-2025-5946
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-22
Assigner: Centreon
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| centreon | centreon_web | From 23.10.0 (inc) to 23.10.28 (exc) |
| centreon | centreon_web | From 24.04.0 (inc) to 24.04.18 (exc) |
| centreon | centreon_web | From 24.10.0 (inc) to 24.10.13 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5946 is an OS Command Injection vulnerability in Centreon Infra Monitoring's poller reload setup. It allows a user with high privileges to inject and execute arbitrary OS commands by concatenating custom instructions into the poller reload command on the poller parameters page. [2]
How can this vulnerability impact me? :
This vulnerability can lead to remote code execution, allowing an attacker with high privileges to execute arbitrary commands on the affected system. This can compromise the confidentiality, integrity, and availability of the system and its data. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is strongly recommended to update Centreon Infra Monitoring to the fixed versions 24.10.13, 24.04.18, or 23.10.28, depending on your current version. These updates include cumulative patches that address the OS Command Injection vulnerability in the poller reload feature. Ensuring that only trusted users have high privileges and limiting access to the poller reload functionality can also help reduce risk until the update is applied. [2]