CVE-2025-8432

216.73.216.6

· Published 27/10/2025 10:15 · Modified 27/10/2025 13:19

Labels: CVE-2025-8432 2025-10-27 CVE-2025-8432 CWE-276 bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Essential information

Published: 27/10/2025 10:15
Modified: 27/10/2025 13:19
Author: —
Creator: —
CVSS: 8.4 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7
NVD: View on NVD

Affected products (CPE)

Product	CPE
centreon / centreon infra monitoring	`cpe:2.3:a:centreon:centreon_infra_monitoring:24.10.0-24.10.5:::::::*`
centreon / centreon infra monitoring	`cpe:2.3:a:centreon:centreon_infra_monitoring:24.04.0-24.04.8:::::::*`
centreon / centreon infra monitoring	`cpe:2.3:a:centreon:centreon_infra_monitoring:23.10.0-23.10.14:::::::*`