CVE-2025-4649

Published May 13, 2025

Last updated a month ago

CVSS medium 4.9

Overview

Description
Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
Source
bd4443e6-1eef-43f3-9886-25fc9ceeaae7
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

bd4443e6-1eef-43f3-9886-25fc9ceeaae7
CWE-269

Social media

Hype score
Not currently trending

  1. CVE-2025-4649 Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" pag… https://t.co/q9yQnZLgt3

    @CVEnew

    13 May 2025

    420 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.