CVE-2025-5965
OS Command Injection in Centreon Infra Monitoring Backup Setup
Publication date: 2026-01-05
Last updated on: 2026-01-05
Assigner: Centreon
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| centreon | infra_monitoring | From 24.04.0 (inc) to 24.04.19 (exc) |
| centreon | infra_monitoring | From 24.10.0 (inc) to 24.10.15 (exc) |
| centreon | infra_monitoring | From 25.10.0 (inc) to 25.10.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection in Centreon Infra Monitoring's backup configuration. A user with high privileges can add custom instructions to the backup setup parameters, which are not properly neutralized, allowing them to execute arbitrary operating system commands.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized execution of OS commands with high privileges, potentially compromising the confidentiality, integrity, and availability of the system. This could result in data breaches, system manipulation, or denial of service.