PT-2026-1258 · Centreon · Centreon Infra Monitoring
H00Die-Gr3Y
·
Published
2026-01-05
·
Updated
2026-01-26
·
CVE-2025-5965
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Centreon Infra Monitoring versions 25.10.0 through 25.10.1
Centreon Infra Monitoring versions 24.10.0 through 24.10.14
Centreon Infra Monitoring versions 24.04.0 through 24.04.18
Description
A flaw exists in the backup parameters of Centreon Infra Monitoring where a user with high privileges can append custom instructions to the backup configuration. This can lead to OS Command Injection due to improper neutralization of special elements used in OS commands. The issue is present in the backup configuration within the administration setup modules.
Recommendations
Update Centreon Infra Monitoring to version 25.10.2 or later.
Update Centreon Infra Monitoring to version 24.10.15 or later.
Update Centreon Infra Monitoring to version 24.04.19 or later.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centreon Infra Monitoring