CVE-2025-4649 MEDIUM

CVE-2025-4649: ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.

Vendor Centreon
Product web
Weakness CWE-755
Published May 13, 2025
Last update October 15, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Key dates

02 Disclosure timeline

May 13, 2025 CVE published
October 15, 2025 Record updated