Home

Description

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

PUBLISHED Reserved 2025-07-31 | Published 2025-10-27 | Updated 2025-10-30 | Assigner Centreon




HIGH: 8.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status
unaffected

24.10.0 (custom) before 24.10.6
affected

24.04.0 (custom) before 24.04.9
affected

23.10.0 (custom) before 23.10.15
affected

Credits

Stago finder

References

github.com/centreon/centreon/releases release-notes

thewatch.centreon.com/...432-centreon-mbi-high-severity-5180 vendor-advisory

cve.org (CVE-2025-8432)

nvd.nist.gov (CVE-2025-8432)

Download JSON