CVE-2025-4646

Published: May 13, 2025Modified: Oct 22, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7 (Secondary)

Description

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

Affected (2)

Products: Centreon: Centreon Web

Centreon

1 product

Centreon Web

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Centreon Centreon Web	From 24.04.0 to 24.04.10
Centreon Centreon Web	From 24.10.0 to 24.10.4

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://github.com/centreon/centreon/releases

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Release Notes

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Vendor Advisory

Timeline

No history available yet.