CVE-2025-4649

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4649

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4649.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4649

Published

2025-05-13T12:15:18Z

Modified

2025-05-17T14:26:10.843348Z

Summary

[none]

Details

Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.

This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type: GIT
Repo: https://github.com/centreon/centreon
Events: Introduced

111e987683bd40fdffb4d2eddc1b5a6157d5e92f

Fixed

2b60094f046e35ab15b364f099c8ba9028f1ffae

Affected versions

centreon-web-24.*

centreon-web-24.10.3