Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
History

Wed, 22 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Centreon centreon Web
CPEs cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
Vendors & Products Centreon centreon Web

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Centreon, Centreon centreon
Vendors & Products Centreon, Centreon centreon

Tue, 14 Oct 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
Title RCE via the poller reload feature available only to user with high privilege
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Centreon

Published: 2025-10-14T14:29:00.514Z

Updated: 2025-10-14T16:03:12.207Z

Reserved: 2025-06-09T17:09:29.545Z

Link: CVE-2025-5946

Vulnrichment

Updated: 2025-10-14T16:03:07.677Z

NVD

Status: Analyzed

Published: 2025-10-14T15:16:11.967

Modified: 2025-10-22T14:08:29.633

Link: CVE-2025-5946

Redhat

No data.