CVE-2025-8432
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Centreon | Infra Monitoring | 24.10.0 < 24.10.6 | affected |
| Centreon | Infra Monitoring | 24.04.0 < 24.04.9 | affected |
| Centreon | Infra Monitoring | 23.10.0 < 23.10.15 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/centreon/centreon/releases
- https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.