CVE-2025-15026
Missing Authentication in Centreon Awie Module Allows Unauthorized Access
Publication date: 2026-01-05
Last updated on: 2026-01-05
Assigner: Centreon
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| centreon | infra_monitoring | From 24.04.0 (inc) to 24.04.3 (exc) |
| centreon | infra_monitoring | From 24.10.0 (inc) to 24.10.3 (exc) |
| centreon | infra_monitoring | From 25.10.0 (inc) to 25.10.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authentication for Critical Function issue in the Centreon Infra Monitoring's Awie import module. It allows unauthorized users to access functionality that is not properly protected by Access Control Lists (ACLs), meaning critical functions can be accessed without proper authentication.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows attackers to access and potentially manipulate critical functions without authentication. This can lead to full compromise of confidentiality, integrity, and availability of the affected system, as indicated by the high CVSS score of 9.8.