PT-2025-20842 · Centreon · Centreon Web

Floerer · Published 2025-05-13 · Updated 2025-10-22 · CVE-2025-4646

CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Centreon web versions 24.04.0 through 24.04.9; Centreon web versions 24.10.0 through 24.10.3
Description: The issue is related to Improper Privilege Management in the API Token creation form modules, allowing Privilege Escalation.
Recommendations: For Centreon web versions 24.04.0 through 24.04.9, update to version 24.04.10 or later. For Centreon web versions 24.10.0 through 24.10.3, update to version 24.10.4 or later.

Exploit · Fix · LPE · Incorrect Authorization · Improper Privilege Management

Weakness Enumeration

Related Identifiers: CVE-2025-4646

Affected Products: Centreon Web