CVE-2025-4646 HIGH

CVE-2025-4646: A high privilege user is able to create and use a valid admin API token in centreon-web

Vendor Centreon
Product web
Weakness CWE-863 · Incorrect authorization
Published May 13, 2025
Last update October 8, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

Key dates

02 Disclosure timeline

May 13, 2025 CVE published
October 8, 2025 Record updated