CVE-2025-5946

216.73.216.36

· Published 14/10/2025 15:16 · Modified 14/10/2025 19:36

Labels: CVE-2025-5946 2025-10-14 CVE-2025-5946 CWE-78 bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Essential information

Published: 14/10/2025 15:16
Modified: 14/10/2025 19:36
Author: —
Creator: —
CVSS: 7.2 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7
NVD: View on NVD

Affected products (CPE)

Product	CPE
centreon / centreon infra monitoring	`cpe:2.3:a:centreon:centreon_infra_monitoring:24.10.0-24.10.12:::::::*`
centreon / centreon infra monitoring	`cpe:2.3:a:centreon:centreon_infra_monitoring:24.04.0-24.04.17:::::::*`
centreon / centreon infra monitoring	`cpe:2.3:a:centreon:centreon_infra_monitoring:23.10.0-23.10.27:::::::*`