CVE-2025-8432 HIGH

CVE-2025-8432: CentreonBI user account on the MBI server can execute commands as root by modifying a script run by CRON

Vendor: Centreon
Product: Infra Monitoring
Weakness: CWE-276
Published: October 27, 2025
Last update: October 30, 2025

CVSS base score

8.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by the CentreonBI user account on the MBI server. This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

Key dates

02 Disclosure timeline

October 27, 2025: CVE published
October 30, 2025: Record updated