216.73.216.6

CVE-2025-5965

· Published 05/01/2026 10:15 · Modified 05/01/2026 10:15

Labels: CVE-2025-5965 2026-01-05CVE-2025-5965CWE-78bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Essential information

Published
05/01/2026 10:15
Modified
05/01/2026 10:15
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
bd4443e6-1eef-43f3-9886-25fc9ceeaae7
NVD
View on NVD

Affected products (CPE)

ProductCPE
centreon / infra monitoring cpe:2.3:a:centreon:infra_monitoring:25.10.0-25.10.2:*:*:*:*:*:*:*
centreon / infra monitoring cpe:2.3:a:centreon:infra_monitoring:24.10.0-24.10.15:*:*:*:*:*:*:*
centreon / infra monitoring cpe:2.3:a:centreon:infra_monitoring:24.04.0-24.04.19:*:*:*:*:*:*:*

References