CVE-2025-4646

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4646

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4646.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4646

Published

2025-05-13T10:15:29Z

Modified

2025-05-17T14:26:12.952196Z

Summary

[none]

Details

Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type: GIT
Repo: https://github.com/centreon/centreon
Events: Introduced

7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3

Fixed

fa9a8462b37b9070ef510ca5aa8396772f47a494

Affected versions

centreon-awie-24.*

centreon-awie-24.04.0

centreon-dsm-24.*

centreon-dsm-24.04.0

centreon-dsm-24.04.2

centreon-dsm-24.04.3

centreon-gorgone-24.*

centreon-gorgone-24.04.0

centreon-gorgone-24.04.1

centreon-gorgone-24.04.2

centreon-ha-24.*

centreon-ha-24.04.0

centreon-open-tickets-24.*

centreon-open-tickets-24.04.0

centreon-open-tickets-24.04.1

centreon-open-tickets-24.04.2

centreon-open-tickets-24.04.3

centreon-web-24.*

centreon-web-24.04.0

centreon-web-24.04.2

centreon-web-24.04.3

centreon-web-24.04.4

centreon-web-24.04.5

centreon-web-24.04.6

centreon-web-24.04.7

centreon-web-24.04.8

centreon-web-24.04.9