← Retour aux CVEs
CVE-2025-5965
HIGH7.2
Description
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
Details CVE
Score CVSS v3.17.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie1/5/2026
Derniere modification1/26/2026
Sourcenvd
Observations honeypot0
Produits affectes
centreon:centreon_web
Faiblesses (CWE)
CWE-78
References
https://github.com/centreon/centreon/releases(bd4443e6-1eef-43f3-9886-25fc9ceeaae7)
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362(bd4443e6-1eef-43f3-9886-25fc9ceeaae7)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.