Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection.
On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command.
This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
Metrics
Affected Vendors & Products
References
History
Wed, 22 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Centreon centreon Web
|
|
CPEs | cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:* | |
Vendors & Products |
Centreon centreon Web
|
Tue, 21 Oct 2025 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Centreon
Centreon centreon |
|
Vendors & Products |
Centreon
Centreon centreon |
Tue, 14 Oct 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 14 Oct 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | |
Title | RCE via the poller reload feature available only to user with high privilege | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Centreon
Published: 2025-10-14T14:29:00.514Z
Updated: 2025-10-14T16:03:12.207Z
Reserved: 2025-06-09T17:09:29.545Z
Link: CVE-2025-5946

Updated: 2025-10-14T16:03:07.677Z

Status : Analyzed
Published: 2025-10-14T15:16:11.967
Modified: 2025-10-22T14:08:29.633
Link: CVE-2025-5946

No data.