CVE-2025-8432 - Vulnerability Details - OpenCVE

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Centreon	Centreon

No data.

No data.

References

Link	Providers
https://github.com/centreon/centreon/releases

History

Mon, 27 Oct 2025 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Centreon Centreon centreon
Vendors & Products		Centreon Centreon centreon

Mon, 27 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 27 Oct 2025 10:15:00 +0000

Type	Values Removed	Values Added
Description		Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.
Title		CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON
Weaknesses		CWE-276
References		https://github.com/centreon/centreon/releases
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Centreon

Published: 2025-10-27T10:08:33.662Z

Updated: 2025-10-27T15:10:36.211Z

Reserved: 2025-07-31T18:48:13.937Z

Link: CVE-2025-8432

Vulnrichment

Updated: 2025-10-27T15:10:28.331Z

NVD

Status : Awaiting Analysis

Published: 2025-10-27T10:15:39.350

Modified: 2025-10-27T13:19:49.063

Link: CVE-2025-8432

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8432", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "state": "PUBLISHED", "assignerShortName": "Centreon", "dateReserved": "2025-07-31T18:48:13.937Z", "datePublished": "2025-10-27T10:08:33.662Z", "dateUpdated": "2025-10-27T15:10:36.211Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["MBI"], "product": "Infra Monitoring", "vendor": "Centreon", "versions": [{"lessThan": "24.10.6", "status": "affected", "version": "24.10.0", "versionType": "custom"}, {"lessThan": "24.04.9", "status": "affected", "version": "24.04.0", "versionType": "custom"}, {"lessThan": "23.10.15", "status": "affected", "version": "23.10.0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*", "versionEndExcluding": "24.10.6", "versionStartIncluding": "24.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*", "versionEndExcluding": "24.04.9", "versionStartIncluding": "24.04.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*", "versionEndExcluding": "23.10.15", "versionStartIncluding": "23.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Stago"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server <p>This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.</p>"}], "value": "Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by\u00a0CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15."}], "impacts": [{"capecId": "CAPEC-19", "descriptions": [{"lang": "en", "value": "CAPEC-19 Embedding Scripts within Scripts"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2025-10-27T10:08:33.662Z"}, "references": [{"tags": ["release-notes"], "url": "https://github.com/centreon/centreon/releases"}], "source": {"discovery": "UNKNOWN"}, "title": "CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-27T15:10:22.447369Z", "id": "CVE-2025-8432", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T15:10:36.211Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8432", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-27T15:10:22.447369Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T15:10:28.331Z"}}], "cna": {"title": "CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Stago"}], "impacts": [{"capecId": "CAPEC-19", "descriptions": [{"lang": "en", "value": "CAPEC-19 Embedding Scripts within Scripts"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Centreon", "modules": ["MBI"], "product": "Infra Monitoring", "versions": [{"status": "affected", "version": "24.10.0", "lessThan": "24.10.6", "versionType": "custom"}, {"status": "affected", "version": "24.04.0", "lessThan": "24.04.9", "versionType": "custom"}, {"status": "affected", "version": "23.10.0", "lessThan": "23.10.15", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/centreon/centreon/releases", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by\u00a0CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server <p>This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "24.10.6", "versionStartIncluding": "24.10.0"}, {"criteria": "cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "24.04.9", "versionStartIncluding": "24.04.0"}, {"criteria": "cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "23.10.15", "versionStartIncluding": "23.10.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2025-10-27T10:08:33.662Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8432", "state": "PUBLISHED", "dateUpdated": "2025-10-27T15:10:36.211Z", "dateReserved": "2025-07-31T18:48:13.937Z", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "datePublished": "2025-10-27T10:08:33.662Z", "assignerShortName": "Centreon"}, "dataVersion": "5.1"}