CVE-2025-8432
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-10-30
Assigner: Centreon
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| centreon | mbi | * |
| centreon | centreon-bi-server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Default Permissions issue in Centreon Infra Monitoring's MBI modules. It allows a CentreonBI user account on the MBI server to embed scripts within other scripts, potentially enabling unauthorized script execution or manipulation.
How can this vulnerability impact me?
The vulnerability can lead to high-impact consequences, including unauthorized access to and control over the system, because it allows embedding scripts within scripts. This can compromise the confidentiality, integrity, and availability of the affected system, potentially leading to data breaches, system manipulation, or denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Centreon Infra Monitoring to a fixed version that addresses the issue. Specifically, update to version 24.10.6 or later, 24.04.9 or later, or 23.10.15 or later, depending on your current installed version. These versions contain the patches that correct the incorrect default permissions vulnerability. [1]