CVE-2025-4649

Source
https://cve.org/CVERecord?id=CVE-2025-4649
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4649.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4649
Published
2025-05-13T11:40:23.198Z
Modified
2026-07-15T02:15:16.769442593Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
Details

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.

ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Database specific
{
    "cna_assigner": "Centreon",
    "cwe_ids": [
        "CWE-755"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4649.json"
}
References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type
GIT
Repo
https://github.com/centreon/centreon
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:centreon:centreon_web:24.04.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:centreon:centreon_web:24.10.3:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "23.04.24"
        },
        {
            "fixed": "23.04.26"
        },
        {
            "introduced": "23.10.19"
        },
        {
            "fixed": "23.10.21"
        },
        {
            "introduced": "24.04.9"
        },
        {
            "last_affected": "24.04.9"
        },
        {
            "introduced": "24.10.3"
        },
        {
            "last_affected": "24.10.3"
        }
    ]
}

Affected versions

24.*
24.04.9
24.10.3
centreon-dsm-23.*
centreon-dsm-23.10.2
centreon-web-23.*
centreon-web-23.04.24
centreon-web-23.04.25
centreon-web-23.10.19
centreon-web-23.10.20
centreon-widget-host-monitoring-23.*
centreon-widget-host-monitoring-23.04.3
centreon-widget-host-monitoring-23.04.4
centreon-widget-host-monitoring-23.10.2
centreon-widget-host-monitoring-23.10.3
centreon-widget-hostgroup-monitoring-23.*
centreon-widget-hostgroup-monitoring-23.04.2
centreon-widget-hostgroup-monitoring-23.10.1
centreon-widget-live-top10-cpu-usage-23.*
centreon-widget-live-top10-cpu-usage-23.04.2
centreon-widget-live-top10-cpu-usage-23.10.1
centreon-widget-live-top10-memory-usage-23.*
centreon-widget-live-top10-memory-usage-23.04.2
centreon-widget-live-top10-memory-usage-23.10.1
centreon-widget-service-monitoring-23.*
centreon-widget-service-monitoring-23.04.2
centreon-widget-service-monitoring-23.10.1
centreon-widget-servicegroup-monitoring-23.*
centreon-widget-servicegroup-monitoring-23.04.2
centreon-widget-servicegroup-monitoring-23.10.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4649.json"