CVE-2025-4649

Source
https://cve.org/CVERecord?id=CVE-2025-4649
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4649.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4649
Published
2025-05-13T11:40:23.198Z
Modified
2026-04-10T05:28:27.110396Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
Details

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.

ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Database specific
{
    "cwe_ids": [
        "CWE-755"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4649.json",
    "cna_assigner": "Centreon"
}
Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type
GIT
Repo
https://github.com/centreon/centreon
Events
Database specific
{
    "versions": [
        {
            "introduced": "24.10.3"
        },
        {
            "fixed": "24.10.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/centreon/centreon
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "24.04.09"
        },
        {
            "fixed": "24.04.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/centreon/centreon
Events
Database specific
{
    "versions": [
        {
            "introduced": "23.10.19"
        },
        {
            "fixed": "23.10.21"
        }
    ]
}
Type
GIT
Repo
https://github.com/centreon/centreon
Events
Database specific
{
    "versions": [
        {
            "introduced": "23.04.24"
        },
        {
            "fixed": "23.04.26"
        }
    ]
}

Affected versions

centreon-awie-23.*
centreon-awie-23.10.0
centreon-awie-24.*
centreon-awie-24.04.0
centreon-awie-24.04.0-1706202331.043ee14
centreon-awie-24.04.0-1712565353.6377ace
centreon-dsm-23.*
centreon-dsm-23.10.0
centreon-dsm-23.10.2
centreon-dsm-24.*
centreon-dsm-24.04.0
centreon-dsm-24.04.0-1706202331.043ee14
centreon-dsm-24.04.0-1712565352.6377ace
centreon-dsm-24.04.2
centreon-dsm-24.04.3
centreon-gorgone-23.*
centreon-gorgone-23.10.0
centreon-gorgone-24.*
centreon-gorgone-24.04.0
centreon-gorgone-24.04.0-1706202331.043ee14
centreon-gorgone-24.04.0-1708603062.d2600f5
centreon-gorgone-24.04.0-1712565345.6377ace
centreon-gorgone-24.04.1
centreon-gorgone-24.04.2
centreon-ha-23.*
centreon-ha-23.10.0
centreon-ha-24.*
centreon-ha-24.04.0
centreon-ha-24.04.0-1706202331.043ee14
centreon-ha-24.04.0-1712232486.6ef0505
centreon-open-tickets-23.*
centreon-open-tickets-23.10.0
centreon-open-tickets-24.*
centreon-open-tickets-24.04.0
centreon-open-tickets-24.04.0-1706202331.043ee14
centreon-open-tickets-24.04.0-1712565351.6377ace
centreon-open-tickets-24.04.1
centreon-open-tickets-24.04.2
centreon-open-tickets-24.04.3
centreon-web-23.*
centreon-web-23.04.24
centreon-web-23.04.25
centreon-web-23.10.0
centreon-web-23.10.19
centreon-web-23.10.20
centreon-web-24.*
centreon-web-24.04.0
centreon-web-24.04.0-1706202331.043ee14
centreon-web-24.04.0-1708603064.d2600f5
centreon-web-24.04.0-1712606052.6377ace
centreon-web-24.04.2
centreon-web-24.04.3
centreon-web-24.04.4
centreon-web-24.04.5
centreon-web-24.04.6
centreon-web-24.04.7
centreon-web-24.04.8
centreon-web-24.04.9
centreon-web-24.10.3
centreon-widget-engine-status-23.*
centreon-widget-engine-status-23.10.0
centreon-widget-global-health-23.*
centreon-widget-global-health-23.10.0
centreon-widget-graph-monitoring-23.*
centreon-widget-graph-monitoring-23.10.0
centreon-widget-host-monitoring-23.*
centreon-widget-host-monitoring-23.04.3
centreon-widget-host-monitoring-23.04.4
centreon-widget-host-monitoring-23.10.0
centreon-widget-host-monitoring-23.10.2
centreon-widget-host-monitoring-23.10.3
centreon-widget-hostgroup-monitoring-23.*
centreon-widget-hostgroup-monitoring-23.04.2
centreon-widget-hostgroup-monitoring-23.10.0
centreon-widget-hostgroup-monitoring-23.10.1
centreon-widget-httploader-23.*
centreon-widget-httploader-23.10.0
centreon-widget-live-top10-cpu-usage-23.*
centreon-widget-live-top10-cpu-usage-23.04.2
centreon-widget-live-top10-cpu-usage-23.10.0
centreon-widget-live-top10-cpu-usage-23.10.1
centreon-widget-live-top10-memory-usage-23.*
centreon-widget-live-top10-memory-usage-23.04.2
centreon-widget-live-top10-memory-usage-23.10.0
centreon-widget-live-top10-memory-usage-23.10.1
centreon-widget-ntopng-listing-23.*
centreon-widget-ntopng-listing-23.10.0
centreon-widget-service-monitoring-23.*
centreon-widget-service-monitoring-23.04.2
centreon-widget-service-monitoring-23.10.0
centreon-widget-service-monitoring-23.10.1
centreon-widget-servicegroup-monitoring-23.*
centreon-widget-servicegroup-monitoring-23.04.2
centreon-widget-servicegroup-monitoring-23.10.0
centreon-widget-servicegroup-monitoring-23.10.1
centreon-widget-single-metric-23.*
centreon-widget-single-metric-23.10.0
centreon-widget-tactical-overview-23.*
centreon-widget-tactical-overview-23.10.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4649.json"