CVE-2025-15026

Published: Jan 5, 2026Modified: Jan 26, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7 (Secondary)

Description

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

Affected (3)

Products: Centreon: Awie

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Centreon Awie	From 24.04.0 to 24.04.3
Centreon Awie	From 24.10.0 to 24.10.3
Centreon Awie	From 25.10.0 to 25.10.2

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://github.com/centreon/centreon/releases

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Release Notes

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

PatchVendor Advisory

Timeline

No history available yet.